New server cert not recognized by firefox
Note: I control the server. The following is noted on the client:
Your connection is not secure
The owner of [myDomain] has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
And yet, an online cert checker states: Congratulations! This certificate is correctly installed.
So, the obvious answer is it's a caching problem. I found 2 cookies from the old domain that I deleted and then cleared the cache. No luck. *Yes, old domain as I now have a new domain. It sees the old cert for the old domain, which I have revoked and deleted with "certbot revoke". Using Letsencrypt on ubuntu 16.04
Thank you in advance for any help!
วิธีแก้ปัญหาที่เลือก
So how's this for strange and obscure but true solutions? I had an ipv6 DNS record defining the domain IP address as ::1. Deleting that record resolved the certificate problem, I now see the current cert. Thanks for everything!
อ่านคำตอบนี้ในบริบท 👍 1การตอบกลับทั้งหมด (7)
I should probably mention that someone else took a look at my page and gets the correct cert, it's just me having the problem.
If you are using the new host name, I don't understand why Firefox would receive a certificate for the old host name. If you try a private window, does that make any difference? A private window bypasses the regular browser cache was well as cookies.
@jscher2000 I also don't understand and that's a great idea! Unfortunately it made no difference. Problem remains even in private window.
Is your cert db in firefox still containing the old cert? was the old or new cert a wildcard or even on a common ip, i.e on a amazon VPS where you push content to the amazon provided IP, however the content resides on a locally managed server?
cert db in firefox... I was thinking there had to be such a thing.... where do I find it? How do I edit it to remove the old cert?
I'm not sure how to answer your question about a common IP. I'm not using Amazon, just a normal VPS provider. No wild cards.
วิธีแก้ปัญหาที่เลือก
So how's this for strange and obscure but true solutions? I had an ipv6 DNS record defining the domain IP address as ::1. Deleting that record resolved the certificate problem, I now see the current cert. Thanks for everything!
Thanks for reporting back. I haven't learned anything about IPv6 DNS records, so definitely would never have thought of that.