Can't connect to my internal "unsafe" devices anymore

RheinPirat

In older version of vivladi, there was an option to accept "unsecure" connection. I need that to connet to my printers and ESXi.

But in the current version I cant find any option to connect... WTF is going on here? Is this one of these stupid google things?

If I click the "verbinden" (connect) button, the browser try to open http://www.gstatic.com/generate_204 - WTF2

mib2berlin

@RheinPirat
Hi, check settings > address bar if HTTPS is enabled, disable it.

Cheers, mib

RheinPirat

@mib2berlin Tried that already. Does not help. I need the option to allow a insecure connection like it was before

Same probelm with the latest Edge, which is chromium based...

mib2berlin

@RheinPirat
Yep, this is a Chromium security feature since CR 111 or so.
There was a way to workaround but I cant remember exactly.
At this page type "unsafe" in the address field and hit enter or something.
I guess you will find it search the net, it´s for all Chromium browser but searching for Chrome give the most results.

Cheers, mib

RheinPirat

Then its time to say goodbye to chrome based browsers.

I can't imagine how it is next week at work... we have so may internal servers without a cert.

Pathduck

@RheinPirat This might be caused by newer Chromium browsers using its own root cert store.

This was discussed at length here:
https://forum.vivaldi.net/topic/84032/selfsigned-certificates-stopped-working-after-update-5-7

Possible solution further down:
https://forum.vivaldi.net/post/646403

Couple more things since you seem to have very varied error messages:

1. Your "Mit Netzwerk verbinen" error indicates you are behind some sort of Captive Portal and you do not have network connectivity. Personally I've never seen such an error in Vivaldi, but I use a wired home network. I'm guessing this is a completely different error to the others you encounter. See:
   https://en.wikipedia.org/wiki/Captive_portal
   https://superuser.com/a/1642803/18736

2. IP addresses will never have a valid TLS certificate and will always give a warning. But it should still be allowed to connect if you choose the option to proceed. I don't think there's an option (in any browser) to display IP connections as secure. Might as well use plain HTTP for those servers.

3. The ERR_CERT_COMMON_NAME error correctly indicates that the certificate is invalid. A wildcard cert with a CN of *.kinsta.com will never be valid for a server with domain.com - in any browser.

So apart from setting the flag to disable Chromium's root store, you need to sort out your certificates and give them proper CNs. This might have to be done by your hosting provider (Kinsta?)

If you're using self-signed certs you'll need to add them to your OS trust store as per the usual practice, or no browser will trust them.

RheinPirat

Disable #chrome-root-store-enabled does not help. Also does enable #allow-insecure-localhost anything. Cant connect to my printer and ESXi.

The "Your connection is not private" screenshot is not from me. Found it online, because the browser does not show it anymore but i posted it to show what option i mean.

@Pathduck said in Can't connect to my internal "unsafe" devices anymore:

Your "Mit Netzwerk verbinen" error indicates you are behind some sort of Captive Portal and you do not have network connectivity. Personally I've never seen such an error in Vivaldi, but I use a wired home network. I'm guessing this is a completely different error to the others you encounter.

This is not possible. All my devices (except phones) are wired. Never had any message or error like that before. I also did not update any of my devices since weeks. It must be a chrome bullshit.

Pathduck

@RheinPirat said in Can't connect to my internal "unsafe" devices anymore:

Disable #chrome-root-store-enabled does not help.

Did you restart the browser after?
If it didn't help, then that's not the problem we're trying to solve here.

Cant connect to my printer and ESXi.

And what error messages do you get when you do that?

but i posted it to show what option i mean.

That doesn't make any sense. Please don't post completely unrelated screenshots to the problem you're having.

This is not possible. All my devices (except phones) are wired. Never had any message or error like that before. I also did not update any of my devices since weeks.

Obviously, if you found the screenshots "online" then once again, this is not the problem we're trying to help you with.

Are you tring to solve "Mit Netzwerk verbinden" errors or "Your connection is not secure" errors?

RheinPirat

@Pathduck said in Can't connect to my internal "unsafe" devices anymore:

Did you restart the browser after?

Yes of course - more than once

@Pathduck said in Can't connect to my internal "unsafe" devices anymore:

And what error messages do you get when you do that?

The one i mentioned earlier (changed the browser language to English for you)

same in private mode

@Pathduck said in Can't connect to my internal "unsafe" devices anymore:

That doesn't make any sense. Please don't post completely unrelated screenshots to the problem you're having.

I expected the "your connection is not private"-error message. But this message does not exit anymore - obviously. So i had to search for a similar screenshot as a example.

For testing, i installed FF and there comes the expected error message and i can login on my ESXi and printer.

Pathduck

@RheinPirat It looks to me like you have some network connectivity issues on your system, that for some reason only affects Chromium browsers. The certificate stuff is not really relevant until you're actually able to connect to the server.

Could be a proxy/VPN issue - maybe Firefox is configured correctly, and the Chromium browsers are not configured to use this proxy/VPN. Or it could be the other way around - Chromium browsers are trying to use a proxy when they should not.

I suggest you get help from your local network admin on this, it's impossible for us here to know how your network setup should be done.

Brainc0re

There is no proxy or so in my Network and never was. Its my private Network at home. And like i said, I changed nothing. No new device, no updates on any device (pcs, routers and servers or VMs).
I have this problem since chromium based browsers (Chrome 111) got a update.

No Probelms at all with Vivaldi 5.7.2921.63 (Chrome/110.0.0.0).

Pathduck

@Brainc0re Did you change your user? It's very confusing to people trying to help, you know.

No Probelms at all with Vivaldi 5.7.2921.63 (Chrome/110.0.0.0).

So you're using Snapshots, currently on Chromium 112?

I have this problem since chromium based browsers (Chrome 111) got a update.

If you get this in all Chromium-based browsers (i.e. all browsers except Firefox), there's little we can do here to help you. You'll need to figure out why you are getting the "Connect to network" error on your side. I can't give any more tips than that, and it doesn't help you insisting you've changed nothing.

Only thing I can recommend at this point is you go through all the troubleshooting steps.
https://help.vivaldi.com/desktop/troubleshoot/troubleshooting-issues/

But I doubt it helps, since this problem is clearly on your system, not in Vivaldi.

DoctorG

@RheinPirat said in Can't connect to my internal "unsafe" devices anymore:

its time to say goodbye to chrome based browsers

It is a misconcept on your side to use SSL with a IP instead of a valid hostname.
Give your server a hostname, distribute hostname + IP by DHCP.

Please, learn more about server administration.

DoctorG

@RheinPirat In the past, when such error page appeared, i typed thisisunsafe and could continue.
https://jasonmurray.org/posts/2021/thisisunsafe/

And that works in my case if i try to connect with IP over SSL.

DoctorG

@RheinPirat said in Can't connect to my internal "unsafe" devices anymore:

we have so may internal servers without a cert

It is the server which forced the browser to SSL by HTTP HSTS header! A sercver-sided misconfiguration, if you do not need SSL.

DoctorG

@Brainc0re @RheinPirat
Workaround
Open vivaldi://flags/#unsafely-treat-insecure-origin-as-secure
Set to Enabled
In text field add a list of IPs separated by comma like this:
https://192.168.1.1/,http://192.168.1.1/
Close flags page
Restart Vivaldi

---

Works in my 5.8.2970.12 (=core Chromium 112.0.5615.34), for a test i added my router URL with IP (and my router has a hostname, i can administrate networks ).

DoctorG

I do not know why all users cry WTF and call a browser sh.... when the fault is on their side, their lack of knowledge on networking and devices/server administration. Sad for them when they do not want to learn more.
So many beginners and lazy people "administrating" servers and using devices in networks, i all saw this in browser forums, in server admin forums, in Linux forums.
Helpers need much patience and empathy to help these.

RheinPirat

@DoctorG said in Can't connect to my internal "unsafe" devices anymore:
(...)

"thisisunsafe" or "badidea" dont work on my error screen. Nothing happens.

Adding all my IPs to #unsafely-treat-insecure-origin-as-secure does also not help.

About a hostname. NO, I dont need a hostname for my Server. A IP works fine. All IPs for printers an servers are outside of the DHCP Range. So there is no Problem at all. And IF my server had a hostname, its does not solve the problem, because my printers are only reachable via IP - no hostname there.

And IF i set a hostname, "esxi.local", make the correct entry in my local DNS list..... same error

DoctorG

@RheinPirat why do you use https? I do not understand this.
And you should know, that .local is a reserved TLD for Multicast DNS.
Both a unfamiliar usage.

RheinPirat

@DoctorG said in Can't connect to my internal "unsafe" devices anymore:

@RheinPirat why do you use https? I do not understand this.

Take a closer look at the two screenshots Not blame for using httpS

And the second... it doesnt matter