This is pretty obscure and I'm not sure who to contact regarding this issue, so this is more a question on who to contact.
When I browse to www or docs the ipv6 geo site is directing me to https://monitor.pao.freebsd.org/ which in turn presents a "Sign in to monitor.pao.freebsd.org:443" form. If I force ipv4 then I get to the various sites just fine.
This is what I see when I dig gns1.freebsd.org and gns2.freebsd.org with "dig @gns1.freebsd.org web.geo.freebsd.org aaaa":
web.geo.freebsd.org. 150 IN AAAA 2620:11c:5001:1099:1337::20
web.geo.freebsd.org. 150 IN AAAA 2001:5a8:601:4b::50:3
web.geo.freebsd.org. 150 IN AAAA 2001:4f8:ffff:6::50:1
I'm suspicious of the 2001:4f8:ffff:6::50:1 entry as curl -6 -v shows:
* Host www.freebsd.org:443 was resolved.
* IPv6: 2001:4f8:ffff:6::50:1, 2001:5a8:601:4b::50:3, 2620:11c:5001:1099:1337::20
* IPv4: (none)
* Trying [2001:4f8:ffff:6::50:1]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / x25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=monitor.pao.freebsd.org
* start date: Nov 11 20:17:36 2025 GMT
* expire date: Feb 9 20:17:35 2026 GMT
* subjectAltName does not match hostname www.freebsd.org
This has been happening at least for the last couple of days and I presume it's somewhat local to geo location for my AU-base ipv6 addresses as otherwise I'm sure if it was happening globally, it would have been noticed by now.
When I browse to www or docs the ipv6 geo site is directing me to https://monitor.pao.freebsd.org/ which in turn presents a "Sign in to monitor.pao.freebsd.org:443" form. If I force ipv4 then I get to the various sites just fine.
This is what I see when I dig gns1.freebsd.org and gns2.freebsd.org with "dig @gns1.freebsd.org web.geo.freebsd.org aaaa":
web.geo.freebsd.org. 150 IN AAAA 2620:11c:5001:1099:1337::20
web.geo.freebsd.org. 150 IN AAAA 2001:5a8:601:4b::50:3
web.geo.freebsd.org. 150 IN AAAA 2001:4f8:ffff:6::50:1
I'm suspicious of the 2001:4f8:ffff:6::50:1 entry as curl -6 -v shows:
* Host www.freebsd.org:443 was resolved.
* IPv6: 2001:4f8:ffff:6::50:1, 2001:5a8:601:4b::50:3, 2620:11c:5001:1099:1337::20
* IPv4: (none)
* Trying [2001:4f8:ffff:6::50:1]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / x25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=monitor.pao.freebsd.org
* start date: Nov 11 20:17:36 2025 GMT
* expire date: Feb 9 20:17:35 2026 GMT
* subjectAltName does not match hostname www.freebsd.org
This has been happening at least for the last couple of days and I presume it's somewhat local to geo location for my AU-base ipv6 addresses as otherwise I'm sure if it was happening globally, it would have been noticed by now.