Orbi cert error all websites

Question

Hi there! I have an Orbi system (router + 2 sats) that has been working well for years. Router FW is V2.7.3.22, and nothing shows as available to upgrade.

Internet connection shows that it is working as well.

An apple tv that is hardwired to the router is working.

All wireless devices are getting cert errors regardless of platform (Win 10 pro, Win 11 pro, macos, ios)

"

NET::ERR_CERT_COMMON_NAME_INVALID

Subject: www . routerlogin . net

Issuer: www . routerlogin . net

Expires on: Jan 6, 2031

Current date: Feb 18, 2022

"

****Spaces added by me so it didn't show up as HTML

I cannot click through this to allow the cert as valid

This is an intermittent error that I am seeing across my entire house / various devices.

Some Google-fu show that routerlogin.net is owned by netgear so I'm not sure what I can do.

Thoughts? We are still WFH so this is a major impact (tethered to my phone right now).

Thanks!!!

Ayebeegee · Answer

Thank you so much for that comprehensive response. I had seen some snippits of it in google searches about this problem but never in one concise note like that.&nbsp;&nbsp;When I get that error, I can click advanced and then proceed. However, that shows a curious thing -- I get the URL in question (say, google.com) and a login prompt.&nbsp;Now I wish that I had the authority to be an admin for google.com but I don't. So I put in my orbi username/pwd on a lark and it took me to the orbi page rather than the url that it showed it was trying to resolve.&nbsp;&nbsp;For some reason, some series of reboots / time / it knowing that it was about to be thrown away has caused this to not be an issue currently, but I am worried about it returning and I don't have any idea what I did / didn't do to fix it.&nbsp;&nbsp;Thanks so much for the suggestion, though.&nbsp;&nbsp;&nbsp;

CrimpOn · Answer

Are Parental Controls or Bitdefender Armor enabled on this router?

Ayebeegee · Answer

No they are not.&nbsp;&nbsp;Thanks!

CrimpOn · Answer

This issue has appeared on the forum before, and I cannot remember the resolution. (sigh. age.)
If you don't want to read my rant, please jump to the bottom.
&nbsp;
Yes, Netgear's SSL certificate situation is a mess.&nbsp; Many years ago, Netgear managed to register an SSL certificate that covered a bunch of URL's, including routerlogin.com, routerlogin.net, orbilogin.com, orbilogin.net.. (and some more).&nbsp; In August 2019, that SSL certificate expired and was not renewed.&nbsp; There has never been an explanation.&nbsp; Some think that Netgear simply forgot to renew it.&nbsp; Others think that the certificate authority refused to renew it for some reason. (Perhaps other router manufacturers claimed it was unfair for Netgear to 'own' routerlogin.com. Perhaps they realized that all those 1,000's of web sites claiming to be routerlogin.com are not really Netgear.&nbsp; Late in 2019 Netgear released new firmware which included a self-signed SSL certifiate.
&nbsp;
&nbsp;
The goofy part is that the router never sends the URL routerlogin.com (orbilogin.net, etc.) to a DNS server to be resolved.&nbsp; (Which IP would a DNS authority say it points to?)&nbsp; The router intercepts the DNS request and says, "that is ME".&nbsp; And, the SSL certificate doesn't matter because the router web management is not a secure web site. (It is http, not https)
&nbsp;
All was good until web browsers decided to prioritize secure web sites over plain web sites.&nbsp; Chrome, Edge, Firefox, Opera, Safari... all of them decided to first look for a secure web site before looking for what the user typed in.&nbsp; So, if the user wants to open http://ford.com, the browser first looks for https://ford.com.&nbsp; If that URL exists, the browser opens it.&nbsp; If not, then it tries the insecure web site.
&nbsp;
For some reason, when your devices try to open web sites, there is an error that causes the web browser to be redirected to the Orbi web management system.&nbsp; The browser tries to open 192.168.1.1 as a secure web site and receives that self-signed SSL certificate.&nbsp; But browsers do not trust self-signed SSL certificates, so the browser says, "ALERT ALERT UNSAFE GO BACK GO BACK"
&nbsp;
There is usually a tiny link somewhere on the page that allows the user to tell the browser, "yes, I know it is unsafe, but I want to go there anyway. Just open the web page."&nbsp; Can you try that and report what comes up?

Mikey94025 · Answer

Your Orbi is in a strange state if you're seeing this error when visiting all HTTPS websites (i.e., not just routerlogin.com).&nbsp; First try to restart your entire Orbi system per:&nbsp;https://www.reddit.com/r/orbi/comments/n0r8fl/how_to_properly_resolve_routerloginnet_not/.&nbsp; If that doesn't work the next resort is to factory reset your Orbi.

Forum Discussion

Orbi cert error all websites

10 Replies