Wait what? My Omnia returns a certificate for proxy!
root@turris:~# echo | openssl s_client -showcerts -connect repo.turris.cz:443
CONNECTED(00000003)
depth=0 CN = proxy
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = proxy
verify return:1
Certificate chain
0 s:/CN=proxy
i:/CN=proxy
[snip]
nslookup repo.turris.cz returns 217.31.192.84 but no reverse record.
nslookup proxy.turris.cz returns 217.31.192.69 and a matching reverse record.
This is when I use my ISP’s DNS, but also if I ask 8.8.8.8 or 1.0.0.1.
And I found the culprit:
root@turris:/etc# cat hosts
217.31.192.69 repo.turris.cz
127.0.0.1 localhost
Don’t know why it’s there but probably because of an an earlier problem. I deleted the first line and my problem is instantly solved, a clear case of PEBCAC.