Why are DNS requests visible with DNS over HTTPS enabled?

So, Firefox 73 rolled out today and with it comes a new DNS option called NextDNS. I thought of giving it a shot and clicked “Enable DNS over HTTPS” and selected NextDNS.

Now, my understanding of HTTPS is that it encrypts the traffic (to provide confidentiality) and prevents tampering (to check integrity). But, when I started snooping on my own traffic using tcpdump, I found entries such as these:

root@Sierra ~ % tcpdump dst port 53  00:16:18.598111 IP > 15871+ A? detectportal.firefox.com. (42) 00:16:18.601087 IP > 44174+ A? www.goodreads.com. (35) 00:16:18.602982 IP > 63750+ AAAA? detectportal.firefox.com. (42) 00:16:18.855488 IP > 7245+ A? mozilla.org. (29) 00:16:18.855976 IP > 17221+ A? mozilla.org. (29) 00:16:18.855998 IP > 24136+ AAAA? mozilla.org. (29) 00:16:18.856830 IP > 52531+ A? detectportal.firefox.com. (42) 00:16:24.097262 IP > 38286+ A? mozilla.org. (29) 00:16:24.097448 IP > 44461+ AAAA? mozilla.org. (29) 00:16:24.451349 IP > 60808+ A? s.gr-assets.com. (33) 00:16:24.456921 IP > 6906+ A? i.gr-assets.com. (33) 00:16:29.106318 IP > 54705+ AAAA? mozilla.org. (29) 00:16:33.269314 IP > 3958+ A? mozilla.org. (29) 00:16:42.515778 IP > 33887+ A? sync-580-us-west-2.sync.services.mozilla.com. (62) 00:16:42.516330 IP > 62418+ A? api.accounts.firefox.com. (42) 00:16:42.889225 IP > 41105+ A? sync-580-us-west-2.sync.services.mozilla.com. (62) 00:16:43.453717 IP > 44380+ A? d3cv4a9a9wh0bt.cloudfront.net. (47) 

Apparently, this doesn’t look encrypted. When I changed my DNS server to Cloudflare, I could only see the entries for Cloudflare’s DNS server (which is what I expect from DoH). So, what’s wrong with NextDNS? How is NextDNS different from unencrypted DNS? And, am I missing something here?

Intermittent problem establishing a secure HTTPS connection to my site

My site gives this error when I try to visit, both on windows and ios. The thing is that it doesn’t always happens, some days it works fine and the other it doesn’t. Does anyone know what could be the cause?

My site is healthprovement.com Subdomains do work, so it only a problem for the main site.

I’ve looked at ssl testers but they weren’t able to load the site or didn’t find anything wrong.

I’ve recently changed some CNAME, and added subdomains. Maybe this could be something to do with it.

Serve all pages over https not just homepage

I want to serve all of my website pages over https, but currently my htaccess only serves the homepage over https.

This is the code I have in my htaccess file:

<IfModule mod_rewrite.c>   RewriteEngine on   RewriteCond %{HTTPS} !on   RewriteRule ^(.*)$   https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule> 

If you go to the following page it is served still over http: http://www.coerll.utexas.edu/spintx/video/1506

But the homepage is served over https: http://www.coerll.utexas.edu/spintx/

What am I doing wrong?