"Unknown certificate authority" with upstream DOH server on Windows
Mosesofmason opened this issue · 0 comments
Mosesofmason commented
I am trying to run a DoT proxy on Windows and execute dnsproxy with the following command:
dnsproxy -t 853 -u https://cloudflare-dns.com/dns-query --http3 --insecure --tls-crt=server.crt --tls-key=server.key --cache --cache-min-ttl=600
The server.crt and server.key files are converted from an IIS website *.PFX format certificate.
However, I always encounter the following error:
ERROR reading msg prefix=dnsproxy proto=tcp err="reading len: remote error: tls: unknown certificate authority"
The IIS certificate was issued by Let’s Encrypt, and I have installed the ISRG Root X1 as a Trusted Root CA, but it still doesn’t work. This seems to be a Windows-only bug, as it works fine on Linux.
Any ideas?