Just started to get MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING errors in Firefox
This can be “fixed” by going to about:config and setting “security.ssl.enable_ocsp_stapling” to false.
Not sure why it has just started though. Nothing changed in my browser or setup - indeed I only notied when trying to view a topic in an already open browser window.
I’ve been having problems with the forum when using Firefox on both Windows and Android. Works fine on Brave (windows) and Vivaldi (android) so I’ve not worried about it.
This can appear when you’re trying to access a website using Mozilla Firefox. It typically means that the site has a missing or invalid Secure Sockets Layer (SSL) certificate.
See fully: How To Fix MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
It might, I don’t have a site without a valid certificate to check - but in this case it does not mean the certificate is invalid - I can see that it has a perfectly good certificate from Lets Encrypt
But something is making Firefox sulk, and disabling OCSP stapling fixes the problem at the cost of a little more traffic to the CA.
Talking about mysterious glitches, after using my internet radio for a couple of weeks in the salle because of bad morning reception of satellite signals, it is now returned to the bedroom mainly unused.
But every night at midnight it switches itself on.
Got to find a quiet moment to read through the instructions.
Curious… it seems to only be Chrome that’s showing the expired cert. Using a different browser shows the same validity period as your screenshot. Stupid Chrome!
Good idea. I’d not tried that, so just did it (to be honest, I wasn’t sure whether forcing a refresh updated the cert as well as the browser cache so was curious to find out). Here’s what happened:
The cert showed that it got refreshed and now shows the correct validity period…
It’s seemingly just a bug in Chrome because it recognises that the cert is genuinely valid, i.e. I don’t get any warnings despite Chrome showing it expired last month. I googled it and saw a post on the LE forum that talks about the same thing (and how it doesn’t manifest itself if using incognito mode, which I just tested and can confirm)… but in that case they’d replaced a cert that was initially issued as a PWA so not sure it’s actually that relevant
I guess if I really wanted to I could simply remove the SF cert via certmgr and force a reinstall but tbh I’m not bothered about this because 1) it’s only occurring in Chrome on 1 machine that’s running Windows and most of the time I use Linux , and b) it doesn’t stop me doing anything. Plus I’m inherently lazy and would rather spend the time making a cup of tea