Mozilla does not respect the certification authority

porrier · January 2, 2020, 11:28am

Hello!

Since using firefox 71.0 I get a warning when I click on the lock in the URL line that Mozilla does not respect the certification authority, it’s not respected.

This is very irritating! I am using Linuxmint 19.1.

How can this be solved?

Kind regards

Andreas

JuergenAuer · January 2, 2020, 11:57am

Hi @porrier

I don't think it's a Firefox problem.

Your domain name is required to check that.

porrier · January 2, 2020, 12:19pm

The domain in question is bitclusive.de

Andreas

Osiris · January 2, 2020, 12:33pm

Do you have a screenshot of the error?

The current Mozilla root certificate store actually does include the IdenTrust root cert (DST Root CA X3) as wel as Let’s Encrypts own root certificate (ISRG Root X1). So an actual problem with Firefox/Mozilla is rather strange.

Also, your website seems to send the correct certificate including the intermediate certificate.

JuergenAuer · January 2, 2020, 12:51pm

What's that? A completely broken configuration. Works with my browser - but checking the domain - https://check-your-website.server-daten.de/?q=bitclusive.de

http + ipv4 have a httpt status 503, https + non-www / www and ipv4 or ipv6 have a http status 403 - Forbidden.

Redirecting a subfolder there is a wrong redirect - missing slash.

But the certificate is correct, there is no error visible.

CN=bitclusive.de (41707)
	23.11.2019
	21.02.2020
expires in 50 days	bitclusive.de, chat.bitclusive.de, 
imap.bitclusive.de, proxy.bitclusive.de, 
pubsub.bitclusive.de, smtp.bitclusive.de, 
upload.bitclusive.de, www.bitclusive.de - 8 entries

No chain error, no domain name error. And no mixed content warning.

Looks like there is a system that blocks some connections. May be you have a firewall or AV-software that creates an own root certificate -> then the CA is unknown.

porrier · January 2, 2020, 1:29pm

I can’t get a screenshot. The popup when I click the lock disappears as soon I want to take a screenshot.

Andreas

porrier · January 2, 2020, 1:35pm

I am speechless. I now added a slash to the rewriterule in httpd.conf but there are still strange errors checking the page with https://check-your-website.server-daten.de/?q=bitclusive.de
The page works like ever.
I don’t redirect a subfolder, I redirect the whole domain.
RewriteEngine On
Redirect permanent / https://bitclusive.de/

Andreas

JuergenAuer · January 2, 2020, 2:51pm

There must be a blocking instance. The own check sees a http status 403. But using headless Chrome to create a screenshot that works -> something like a bot detection.

Without a screenshot - no idea what you see. May be a problem of your client or connection, not of your website.

porrier · January 2, 2020, 3:32pm

I deactivated all the bad-bot checks in .htaccess. What is the name of the bot of check-your-website.server.daten.de?
screenshot attached.

Andreas

system · February 1, 2020, 3:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.