Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

MUST be able to connect in spite of "site uses HTTP Strict Transport Security (HSTS)"

more options

FF MUST FIND A WORKAROUND FOR THIS ERROR: "The owner of www.xxxxx.blogspot.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."

Absolutely not acceptable that FF prevents a user from doing what he desires to do. I'm not using any 3rd party security stuff that would demand certificates.

Maybe the blog owner has created his page using some code that conflicts with the higher doman, but there is no way to TELL him since I can't see the page... It is up to FF to somehow workaround this so that I, the USER, can control my tool. An uncontrollable tool is at best useless & at worst dangerous

FF MUST FIND A WORKAROUND FOR THIS ERROR: "The owner of www.xxxxx.blogspot.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate." Absolutely not acceptable that FF prevents a user from doing what he desires to do. I'm not using any 3rd party security stuff that would demand certificates. Maybe the blog owner has created his page using some code that conflicts with the higher doman, but there is no way to TELL him since I can't see the page... It is up to FF to somehow workaround this so that I, the USER, can control my tool. An uncontrollable tool is at best useless & at worst dangerous

Chosen solution

VerizonSucks said

I played with turning HTTPS Everywhere on & off... it noticed that the option to "turn it off for this site" has no effect either -- when I Reload the same FireFox blocking comes up.

Turning it off would let you use HTTP instead of HTTPS on the address. But you need to do the edit yourself.

Read this answer in context 👍 0

All Replies (10)

more options

Please update to Firefox 66.0.5 and let us know if you still have issues.

more options

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites

What do the security warning codes mean


  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

more options

Hi VerizonSucks, do you use HTTPS Everywhere or a similar extension that upgrades HTTP to HTTPS?

I think there is an error in the link. Try it without the www. in the URL.

When you do not use HTTPS, the www subdomain is redirected to a URL without www.

However, when you use HTTPS, there is a certificate error because Google's global certificate covers:

*.blogspot.com  

but not

*.*.blogspot.com

(not sure that would be legal?).

So the redirect fails because a non-matching certificate is sent back.

But this problem should not arise if you use the official URL of this Blogspot site instead of one with an extra www on the front.

Modified by jscher2000 - Support Volunteer

more options

I do use HTTPS Everywhere, but I disabled it.

The address in the URL bar is https://www.xxxx.blogspot.com/ of course the xxxx is redacted for privacy.

I played with turning HTTPS Everywhere on & off... it noticed that the option to "turn it off for this site" has no effect either -- when I Reload the same FireFox blocking comes up.

I'm on the FF Ver 60.6.3 esr which is the latest esr. I'm running OSX 10.11.16 El Capitan.

more options

Removing the www makes the site load. That's weird... since when do URLs function without being prefixed by www?

more options

VerizonSucks said

Removing the www makes the site load. That's weird... since when do URLs function without being prefixed by www?

It's not that weird; Twitter doesn't use www. Sites like mail.yahoo.com do not use www.

The problem here is there is a redirect on the www address that works on HTTP, but it can't work on HTTPS because the certificate on the redirector doesn't match the individual sites.

more options

Chosen Solution

VerizonSucks said

I played with turning HTTPS Everywhere on & off... it noticed that the option to "turn it off for this site" has no effect either -- when I Reload the same FireFox blocking comes up.

Turning it off would let you use HTTP instead of HTTPS on the address. But you need to do the edit yourself.

more options

So a general solution is to see if removing (or maybe adding) the www makes the site work.

The FF error msg ought to give hints like that.

more options

VerizonSucks said

So a general solution is to see if removing (or maybe adding) the www makes the site work. The FF error msg ought to give hints like that.

Firefox doesn't usually suggest that you have the wrong address unless there is no response from the server or the server says the page was not found. If you are using a link you found in search results or got from the site, usually it's a good address.

more options

This address is embededded in a blog in the "other blogs I follow" section. Probably dates back to before HTTPS existed.