Warning: Potential Security Risk Ahead - Multiple sites
The Issue: Hello. About a week or two ago, multiple sites (Including my personal site) started giving me a "Warning: Potential Security Risk" message (Error code: SSL_ERROR_BAD_CERT_DOMAIN) and won't let me access them. When I click "Accept the Risk and Continue," I then get a "403 Forbidden" error that says "Cloudflare" under it. These sites work fine if I load them through Chrome, and I've had two other people try this on their own Firefox browsers and the sites work fine for them.
Websites Affected: I've seen this on several different websites, but here are a few specific ones that are giving me this issue:
- https://guessthe.game/
- https://hard-drive.net/news-games/the-hard-drive-review-grapplers-relic-rivals/
- https://paulkankiewicz.com/
Things I've Tried (That didn't work):
- Restarting Firefox/router/computer
- Clearing browser cache/history/cookies
- Disabling all addons/extensions
- Starting Firefox in Safe Mode
- Waiting 1-2 weeks to see if it would somehow fix itself
- Changing Hambuger -> Settings -> General -> Network Settings -> Configure Proxy Access to the Internet to "No Proxy" (This was suggested in another help ticket, but didn't work for me)
- (For my personal site) Contacting WordPress support - They said everything looked good on their end, and since it's happening with multiple sites, it's likely not them anyway
This works, but probably isn't the "correct" solution: Hamburger -> Settings -> Privacy & Security -> Enable DNS over HTTPS using -> Off (Note that this was previously set to "Default Protection," but I have the Security Risk warning if set to that)
Is this a bug with Firefox that can be fixed, or is there something that I can do on my end to fix this issue? The only other things I know of are to 1) Try uninstalling/reinstalling Firefox (But I'm worried I'd lose all my bookmarks/settings/configurations, even with my profile) or 2) Use another browser (But I really like Firefox). Thanks for the help.
All Replies (5)
Re-uploading an image since my first attempt was a bit wonky.
metadragonslayer द्वारा
Works fine here. Did you click the blue View Certificate to check the certificate chain?
Try to rename the cert9.db file (cert9OLD.db) and remove a possible previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.
You can use the button in "Help -> More Troubleshooting Information" (about:support) to go to the current Firefox profile folder or use the about:profiles page (Root directory).
- Help -> More Troubleshooting Information -> Profile Folder/Directory:
Windows: Open Folder; Linux: Open Directory; Mac: Show in Finder - https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
Thanks for the suggestions and the detailed instructions! Renaming the cert9.db and then restarting Firefox did not fix the issue. I didn't have a cert8 file.
Here's the info from the View Certificate chain you mentioned - I'm not sure what it means or what to do with it:
https://hard-drive.net/news-games/the-hard-drive-review-grapplers-relic-rivals/
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
HTTP Strict Transport Security: false HTTP Public Key Pinning: false
Certificate chain:
BEGIN CERTIFICATE-----
MIIDuTCCA2CgAwIBAgIQMxYQwO1WgP8N83BfwjSnPzAKBggqhkjOPQQDAjA7MQsw CQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYD VQQDEwNXRTEwHhcNMjQwOTAxMjE1NzA0WhcNMjQxMTMwMjE1NzAzWjAdMRswGQYD VQQDExJjbG91ZGZsYXJlLWVjaC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC AASRWAvGUXezN6QOmzTGcnJQw4E1RFbtmUEhzzOTx1Ol0eN9xoStbidcC1/+q451 DltgHcozQcuJOA3dc60I+r9Xo4ICYjCCAl4wDgYDVR0PAQH/BAQDAgeAMBMGA1Ud JQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ+oLyumQUSZ gZ+f/vviSlZMmyONMB8GA1UdIwQYMBaAFJB3kjVnxP+ozKnme9mAeXvMk/k4MF4G CCsGAQUFBwEBBFIwUDAnBggrBgEFBQcwAYYbaHR0cDovL28ucGtpLmdvb2cvcy93 ZTEvTXhZMCUGCCsGAQUFBzAChhlodHRwOi8vaS5wa2kuZ29vZy93ZTEuY3J0MDMG A1UdEQQsMCqCEmNsb3VkZmxhcmUtZWNoLmNvbYIUKi5jbG91ZGZsYXJlLWVjaC5j b20wEwYDVR0gBAwwCjAIBgZngQwBAgEwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDov L2MucGtpLmdvb2cvd2UxL2RwY1pjZ1VOUGJFLmNybDCCAQUGCisGAQQB1nkCBAIE gfYEgfMA8QB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABka/O Zo4AAAQDAEgwRgIhAKPXan06MwVOtqvASFZQKGAXLjBD1Ungkj/Dixps0UEPAiEA ldfPjrdhDAqwf1iFbNXd5kbj/iCXMNM3YtK73EBT7ZoAdgDf4VbrqgWvtZwPhnGN qMAyTq5W2W6n9aVqAdHBO75SXAAAAZGvzmcwAAAEAwBHMEUCIBBjjwrICoPjNQ3/ /GKezCdLBYfKRQMXL/Zj+MFCfSZNAiEAtDoOZaAmSsfygYjrL1ThZT5aiglWYa4y vNm6W/xwYvIwCgYIKoZIzj0EAwIDRwAwRAIgY1xTkj2lyijDT7AFWyKVfWdSj6Tl 7otWUqjRvRzpxBMCIFgIGdLgO6UEOoqEhx5gPasjYcnWQ1LQcO5vmgqwWp7v
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQw MDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZp Y2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+ Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmP LCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU kHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7F avCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2ku Z29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cv ci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIx AOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5V sQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN 7uJW
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBX MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTEx NTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0 MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8Fhzube Rr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019e WIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAd BgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUN l8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRw Oi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8v Yy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqG SIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJ odI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY +SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/Cs kGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep 8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1 vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl
END CERTIFICATE-----
metadragonslayer द्वारा
You can try to disable DNS over HTTPS and use the 'Default Protection' setting or 'Off'.
- Settings -> Privacy & Security -> DNS over HTTPS
- https://support.mozilla.org/en-US/kb/firefox-dns-over-https
- https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs
Yeah, that's in my original post - Setting it to Default still has the issue, but setting it to Off does fix it. That said, I assume setting that to Off is bad and/or possibly leaves me open to other security risks - Does that sound right, or is it totally fine to se that to Off? Also, I'm not sure why this would have suddenly started being an issue if changing that setting fixes it - I've never messed with it before. It seems like there would have had to be something else that happened to make things break on multiple sites all of a sudden.