Mozilla OCSP fail


This can be “fixed” by going to about:config and setting “security.ssl.enable_ocsp_stapling” to false.

Not sure why it has just started though. Nothing changed in my browser or setup - indeed I only notied when trying to view a topic in an already open browser window.

I’ve been having problems with the forum when using Firefox on both Windows and Android. Works fine on Brave (windows) and Vivaldi (android) so I’ve not worried about it.

This can appear when you’re trying to access a website using Mozilla Firefox. It typically means that the site has a missing or invalid Secure Sockets Layer (SSL) certificate.

It might, I don’t have a site without a valid certificate to check - but in this case it does not mean the certificate is invalid - I can see that it has a perfectly good certificate from Lets Encrypt

But something is making Firefox sulk, and disabling OCSP stapling fixes the problem at the cost of a little more traffic to the CA.

No issues here with Firefox 115.6.0 (latest) on Mac OS X. Are you on Microdaft Weirdows? :slight_smile:

1 Like

No Fedora 36/Firefox 107

Yes, those are a bit old now, for “reasons” :slight_smile:

1 Like

Now that I’m back at home and using the main PC, not the VM I log into from work all seems fine (Firefox 121, Fedora 38).

Must be a glitch with that particular version of Firefox.

Talking about mysterious glitches, after using my internet radio for a couple of weeks in the salle because of bad morning reception of satellite signals, it is now returned to the bedroom mainly unused.

But every night at midnight it switches itself on. :astonished:
Got to find a quiet moment to read through the instructions. :roll_eyes:

I see an expired LE cert.


I don’t - though I note that the current one was renewed yesterday.


Curious… it seems to only be Chrome that’s showing the expired cert. Using a different browser shows the same validity period as your screenshot. Stupid Chrome!

Which is odd as a site like SF gets updated very frequently so it can’t be holding an old version of the page in its cache?

Have you tried forcing a complete page refresh by holding down the shift key when you refresh the page?

Good idea. I’d not tried that, so just did it (to be honest, I wasn’t sure whether forcing a refresh updated the cert as well as the browser cache so was curious to find out). Here’s what happened:

The cert showed that it got refreshed and now shows the correct validity period…

I then closed the browser, and when I reopened it and navigated to SF again, I noticed that the old expired cert was showing again :smiley:

It’s seemingly just a bug in Chrome because it recognises that the cert is genuinely valid, i.e. I don’t get any warnings despite Chrome showing it expired last month. I googled it and saw a post on the LE forum that talks about the same thing (and how it doesn’t manifest itself if using incognito mode, which I just tested and can confirm)… but in that case they’d replaced a cert that was initially issued as a PWA so not sure it’s actually that relevant :man_shrugging:

I guess if I really wanted to I could simply remove the SF cert via certmgr and force a reinstall but tbh I’m not bothered about this because 1) it’s only occurring in Chrome on 1 machine that’s running Windows and most of the time I use Linux , and b) it doesn’t stop me doing anything. Plus I’m inherently lazy and would rather spend the time making a cup of tea :slight_smile:

1 Like

I see this as well with Chrome, but Chrome still says that the certificate is valid. Huh :thinking:

Edit : Should have read further … again. Page refresh works for me as well.

This didn’t happen for me. The new, correct cert validity period was still there.

Chrome Version 120.0.6099.130 (Official Build) (64-bit) on Windows 11