We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Most sites will not connect due to security issues

more options

I am running Firefox 126.0-1 on an Arch Linux system. Most websites are failing to connect for security reasons.

Some sites, including google.com and nytimes.com, fail with an "SEC_ERROR_UNKNOWN_ISSUER" error, and their certificates confirm that they are respectively issued by Google Trust Services LLC and DigiCert Inc.

The website archlinux.org errors with "MOZILLA_PKIX_ERROR_MITM_DETECTED", stating that "Software is Preventing Firefox From Safely Connecting to This Site", citing in particular ISRG Root X1 as the problem. The certificate confirms that it is issued by Let's Encrypt.

The website duckduckgo.com simply errors with "SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID" and states "Secure Connection Failed"

I have confirmed in preferences that my proxy settings are set to "No proxy" and the problem persists across troubleshooting mode and making a new profile. I have also tried removing the cert9.db file in a given profile folder.

I am running Firefox 126.0-1 on an Arch Linux system. Most websites are failing to connect for security reasons. Some sites, including google.com and nytimes.com, fail with an "SEC_ERROR_UNKNOWN_ISSUER" error, and their certificates confirm that they are respectively issued by Google Trust Services LLC and DigiCert Inc. The website archlinux.org errors with "MOZILLA_PKIX_ERROR_MITM_DETECTED", stating that "Software is Preventing Firefox From Safely Connecting to This Site", citing in particular ISRG Root X1 as the problem. The certificate confirms that it is issued by Let's Encrypt. The website duckduckgo.com simply errors with "SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID" and states "Secure Connection Failed" I have confirmed in preferences that my proxy settings are set to "No proxy" and the problem persists across troubleshooting mode and making a new profile. I have also tried removing the cert9.db file in a given profile folder.
Attached screenshots

Chosen solution

Solution: the file /usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit had been orphaned from the archlinux package ca-certificates-mozilla, so reinstalling the package and overwriting that file fixed the problem.

Read this answer in context 👍 2

All Replies (2)

more options

Update: Clearing my cache makes all of the errors the ISRG Root X1 Error.

more options

Chosen Solution

Solution: the file /usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit had been orphaned from the archlinux package ca-certificates-mozilla, so reinstalling the package and overwriting that file fixed the problem.