Firefox 80.0.1 suddenly will not connect to sites requiring HSTS
Firefox 80.0.1 suddenly will not connect to sites requiring HSTS.
"suddenly will not connect" means yesterday the error did not exist but today it does exist.
It also means nothing changed in the computing environment - no application updates, no edited configurations, and no downloads.
Firefox simply quit connecting to certain sites, and the browser text explanation is:
Site X "...has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. The issue is most likely with the website, and there is nothing you can do to resolve it."
Why would several web sites that are not related one to another all cause the same, sudden error?
What could be the cause of this, and what would be a solution?
Thank you.
J Martin
All Replies (11)
hi, is the time/date of your system clock set correctly or are you using any 3rd-party security software that's intercepting secure network traffic?
Phillipp,
Thank you for the reply. I am using an anti-malware product named "Malwarebytes", and have been for some months before the Firefox problem began today. If an update to Malwarebytes may have caused the problem I cannot say.
Would inactivating the utility and re-starting the computer be reasonable?
Second, I am not certain how to ascertain what the time/date of the system clock is. Neither do I know where to find this information (MAC OS Catalina 10.15.6).
I will try to find the information. Should this information correspond with the actual time and date in my location?
As you see, my replies to your questions may not help you.
Thank you again.
Jim Martin
thanks for reporting back, malwarebytes should be fine - it's just a scanner but not actively tampering with network traffic. & yes, please take a look if your system clock is corresponding with the "real" time at your location - this article can provide some guidance: How to troubleshoot time related errors on secure websites
Phillipp,
I located the time / date setting. Both are correct.
Jim Martin
Philipp,
Thank you. Two of the problematic web-sites are ones that have enormously high traffic - FaceBook and LinkedIn. Unless thousands of others are experiencing the same problem - which I think to be not likely - is it possible that the local network is causing the problem?
Would connecting through a different network to see if the problem persists be a good next step?
Now, I will read the information at the link you provided.
Jim Martin
The specific error code is: SEC_ERROR_UNKNOWN_ISSUER
are you able to click on the error code in order to inspect the failing certificate? of particular interest would be who is mentioned as the issuing instance of such a certificate.
and yes, you are correct - if this is affecting multiple major sites, it's much more plausible that the problem is somewhere in your local system or network environment, otherwise we'd probably have much more of these questions in the forum today :)) if you're in control of the network, restarting the router could also be a good troubleshooting step.
Philipp,
Using the FaceBook site as an example, the information you asked about is this, I think:
https://www.facebook.com/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: true
I now will move to another location and attempt to connect through a different network. I may not be able to provide more information quickly.
Thank you for the advice so far. Although the problem persists, the possible causes have been narrowed.
Jim Martin
Philipp,
I do not know whether a reply I just sent posted correctly. Using FaceBook as the example, the certificate information you asked about is:
https://www.facebook.com/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: true
The certificate chain contains two BEGIN CERTIFICATE / END CERTIFICATE blocks.
can you please copy and paste the two blocks of the certificate chain here as well - even though it might look gibberish, that's where the real information is contained...
Philipp,
I believe the error was produced by a change in the network environment, which i do not own. I was able successfully to access the FaceBook site after logging into a different network. I do thank you for your help, and think the problem is solved.
Jim Martin