SSL_ERROR_BAD_CERT_DOMAIN but cert is valid
I run a little server at (let's call it) nc.example.com, for external access I use Cloudflare tunnel/proxy and have no issues, but for internal LAN access I have a little nginx reverse proxy with a Let's Encrypt certificate on it and custom internal DNS.
With Firefox (only Firefox; curl, Chrome, and Edge have no problem), the first time I browse to the site (after opening Firefox, or after not interacting with the site for a couple of minutes) I get the SSL_ERROR_BAD_CERT_DOMAIN error after a wait of about 30 seconds. The site uses HSTS, so Firefox refuses to talk to it. Pressing Ctrl-F5 after getting the error loads the site as if nothing happened.
What is really annoying is that the Advanced info shows "Firefox does not trust this site because it uses a certificate that is not valid for nc.example.com. The certificate is only valid for the following names: *.example.com, example.com"
I get pretty much the same result if I use a certificate just issued for nc.example.com or for "nc.example.com,example.com".
Probably related, but with different results, if I use a certificate issued to "nc.example.com,*.nc.example.com", Firefox immediately tries to go to www.nc.example.com, which doesn't exist.
Note I have looked at the results of clicking on SSL_ERROR_BAD_CERT_DOMAIN in the error page and did a character-by-character comparison of the PEM format certificate displayed there with the actual full chain PEM certificate file on the web server and they are identical.
A message that the browser doesn't trust a site because it has a certificate not valid for SITE-A, and then says the certificate is only valid for SITE-A sure seems like a bug to me.
All Replies (1)
A follow-on to this. I decided to create a Windows virtual machine on my computer (I use Linux) and installed Firefox in that. In the Windows VM, Firefox had no problem accessing the site.
So my next investigation step was to open the .mozilla folder in my Linux home directory and rename the firefox directory to something else, forcing a new profile to be created. The new profile also has no problem opening the site. When I remove the new firefox directory created for the new profile and rename the old one back to firefox, I have the problem again.
Clearly there is something in my Firefox profile causing this. I really don't want to lose over a year of setup I've done in my proper Firefox profile, so I don't just want to dump it and start over. Is there a specific file I can try deleting/renaming to see if it solves the issue without losing my whole profile?
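
The name check behind SSL_ERROR_BAD_CERT_DOMAIN, as an added example that is not part of the original posts: an RFC 6125-style match of a hostname against a certificate's DNS names, run over the four name sets quoted in the thread. The function names and the `CERTS` table are hypothetical, and requiring two labels after a wildcard is a simplification of what browsers enforce.

```python
# Added example (not from the thread): RFC 6125-style hostname matching
# against certificate DNS names. Name sets are the ones quoted in the posts.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate DNS name covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, never zero or several.
        return False
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard. Assumption: require
        # at least two labels after it so "*.com" never matches.
        return (len(p) >= 3 and h[0] != ""
                and "*" not in "".join(p[1:]) and p[1:] == h[1:])
    # Partial wildcards such as "n*.example.com" are rejected outright.
    return "*" not in pattern and p == h

def covering_names(cert_names, hostname):
    """Certificate names that cover hostname (empty list means mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]

CERTS = {  # constructed from the certificate names quoted in the thread
    "wildcard": ["*.example.com", "example.com"],
    "single": ["nc.example.com"],
    "pair": ["nc.example.com", "example.com"],
    "nested": ["nc.example.com", "*.nc.example.com"],
}

def report(hosts=("nc.example.com", "www.nc.example.com")):
    """Map (cert label, hostname) to the list of names that cover it."""
    return {(c, h): covering_names(names, h)
            for c, names in CERTS.items() for h in hosts}

if __name__ == "__main__":
    for (cert, host), hits in report().items():
        verdict = "OK via " + ", ".join(hits) if hits else "NO MATCH"
        print(f"{cert:9} {host:20} {verdict}")
```

Under these rules every name set from the thread covers nc.example.com, and only the set containing *.nc.example.com covers www.nc.example.com.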