Firefox doesn't trust the certificate generated by Letsencrypt

Some instances of Firefox recognize the certificate as untrusted. The issue affects Firefox versions 40, 42, 43. Weird, but on another PC running Firefox 42 everything works just fine. Notice that the same certificate is trusted by Google Chrome and MS Edge. My page is https://testoversip.avistar.com:10443/.
Yesterday (12/15/2015) the certificate was trusted on all my PCs running different versions of Firefox.

See screenshots below:

Here is a snapshot from a Firefox which doesn’t trust the certificate and one which trusts it:


Did anybody face a similar issue? If so, how to solve that?

Well… It’s not the Let’s Encrypt certificate to begin with… So no clue what’s wrong…

Would you explain how you identified that?

OP said the Letsencrypt certificate for his server at https://testoversip.avistar.com:10443/ wasn't trusted by Firefox. When I go to that site it has a Comodo certificate, not a Letsencrypt certificate.

I was told that it was generated by Let’s Encrypt. My bad.
But still, have you seen such behavior? And what is this failure caused by?

The only times I’ve seen a browser not accept the LE cert as valid is when it’s been installed incorrectly (i.e. the relevant different certs haven’t been put in the correct places on the server). Exactly which ones should be used where depends on your system (apache / nginx etc.) and version.

Yes, I do have a similar problem. Firefox does not recognize it whilst Chrome does:

Can you show us an actual error?

Did you hit F5? (20 chars)

Hi Juergen,
Yes I did.
The problem with FF is that when you check the certificate, the 2 tabs General and Security > Display Certificate do not show the same information.
The latter is correct and corresponds to what I have done with LetsEncrypt: expires 2.5.2019
The General tab shows: Expires: 2.2.2019 (ie today) and changes periodically.
The question is: which information is effectively used?
---
Another VERY IMPORTANT question.
What will happen on February 13 ??
You announced “Today we are announcing that we will end all support for the TLS-SNI-01 validation method on February 13, 2019.”

Apollo 13 was aborted on April 13 (1970)

Browsers cache too much. That's the reason why you should use online tools. These tools always start new.

Or clear your browser cache.

Advice not applicable for my context.
I do have kiosks in production at customers and I cannot require users to press F5 (because there is no keyboard) nor to clear the cache (because they do not have access to the OS).

What about February 13 ?
Please answer; this is crucial for me to know.

These are two different expirations (meaning two different certs):

Hi @rg305,
Thanks for having looked at my post.
However you cannot trust the expirations displayed by Firefox.
For the same URL it displays something else in the General tab:


and in the Security tab > Details:
The latter is correct and matches what Chrome displays.
The first one is a Firefox speciality, not really documented (at least I haven’t found it).
It seems to be an internal “secondary” FF certificate with the 2 Expires (Expires & expires ??) generated for 30 minutes after starting FF and recalculated for the next 30 minutes after each refresh.
You can check it easily with https://www.kreator.ch/carol/servlet/Main/TCUbik

Cheers

Some of these are browser cache expiry times, not certificate expiry times.
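
An added example, not part of the original thread or any poster's code: reading the issuer and expiry straight from a fresh TLS connection settles both questions raised above (which CA issued the certificate the server actually sends, and its real expiry as opposed to a browser cache expiry). The names `fetch_leaf_cert`, `summarize` and `SAMPLE` are assumptions made for this sketch, and the sample certificate data is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_leaf_cert(host, port=443, timeout=10):
    """Open a new TLS connection (no browser cache involved) and return the
    leaf certificate as the dict produced by SSLSocket.getpeercert().
    Raises ssl.SSLCertVerificationError if the chain or hostname is invalid."""
    ctx = ssl.create_default_context()  # verification stays on; off would yield {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_field(name, key):
    # getpeercert() encodes a name as a tuple of RDNs, each a tuple of (key, value)
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def summarize(cert, now=None):
    """Return the issuing organisation, the certificate's notAfter (UTC)
    and the whole days remaining until it expires."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "issuer_org": name_field(cert["issuer"], "organizationName"),
        "issuer_cn": name_field(cert["issuer"], "commonName"),
        "not_after": not_after,
        "days_left": (not_after - now).days,
    }

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "kiosk.example.test"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Let's Encrypt Authority X3"),)),
    "notBefore": "Feb  1 12:00:00 2019 GMT",
    "notAfter": "May  2 12:00:00 2019 GMT",
}

if __name__ == "__main__":
    import sys
    # With "host port" arguments, query the live server; otherwise use the sample.
    cert = fetch_leaf_cert(sys.argv[1], int(sys.argv[2])) if len(sys.argv) > 2 else SAMPLE
    print(summarize(cert))
```

A verification error from `fetch_leaf_cert` is itself a finding: it means the server's certificate or chain does not validate against the local trust store.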

Thanks @schoen,
Now I have the right term for it:

Regards

This is an obsolete method of proving your control over domain names in order to get new certificates. We announced a year ago that we would stop allowing it in February 2019; this has now been pushed back to March 2019.

This could affect your ability to renew your existing certificates if your Let's Encrypt client software is using the obsolete method. To find out if this is so, please read the existing forum threads related to this announcement and/or any e-mails that you were sent by Let's Encrypt (or tell us more about your software configuration).

It doesn't invalidate your existing certificates, regardless of how they were obtained; their validity and expiry dates are unaffected by this change.

Thanks @schoen, especially for the conclusion in the last paragraph.