Troubleshooting DNS over TLS

$ echo | openssl s_client -connect '' | grep -B 2 -A 5 "Certificate chain"
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
Certificate chain
0 s:/
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3

$ echo | openssl s_client -connect ''
0 s:/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=*
i:/C=US/O=DigiCert Inc/CN=DigiCert ECC Secure Server CA

$ git clone

Cloning into 'dns-over-tls-php-client'...
remote: Counting objects: 13, done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 13 (delta 2), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (13/13), done.

$ php dnstls.php cloudflare has address has address

Warning: stream_socket_client(): unable to connect to ssl:// (Operation timed out) in /Users/nyk/dns-over-tls-php-client/dnstls.php on line 234

Warning: stream_socket_client(): Peer certificate CN=`*' did not match expected CN=`' in /Users/nyk/dns-over-tls-php-client/dnstls.php on line 234

$ php dnstls.php pornhub[.]com cleanbrowsing
Host pornhub[.]com not found: 3(NXDOMAIN)


