Issue [2] I’ll say guys from knot-resolver team. Probably Firefox

doesn’t have problem with it.

a _fresh_ firefox 66.0.5 acutally has a problem with it:

"
Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to
odvr.nic.cz. If you visit this site, attackers could try to steal
information like your passwords, emails, or credit card details.
[...]
"

I've been using DoH with 66.0.5 for several days at least (as the primary browser), and even visiting the URL directly doesn't show anything like that for me.  I wonder what I'm doing differently.  (BTW, there's FF 67 now, too.)  Still, we/I do know that not sending the intermediary certificate isn't a correct behavior.

--Vladimir