This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SEC_ERROR_UNKNOWN_ISSUER on https://discordapp.com

more options

Firefox refuses to visit https://discordapp.com, complaining about SEC_ERROR_UNKNOWN_ISSUER. Upon inspection of the certificates, the root CA is "COMODO ECC Certification Authority" - Serial Number 16:E5:86:78:E0:70:94:39:4B:DF:DB:4E:FC:A6:3B:DF.

The Firefox certificate manager contains a trusted entry for "COMODO ECC Certification Authority", however it is a different cert with serial number 1F:47:AF:AA:62:00:70:50:54:4C:01:9E:9B:63:99:2A.

I'm wondering what's the cause of this situation? Did Comodo recently change certificates? Can somebody else check which version of the "COMODO ECC Certification Authority" is shipped with their FF?

Firefox refuses to visit https://discordapp.com, complaining about SEC_ERROR_UNKNOWN_ISSUER. Upon inspection of the certificates, the root CA is "COMODO ECC Certification Authority" - Serial Number 16:E5:86:78:E0:70:94:39:4B:DF:DB:4E:FC:A6:3B:DF. The Firefox certificate manager contains a trusted entry for "COMODO ECC Certification Authority", however it is a different cert with serial number 1F:47:AF:AA:62:00:70:50:54:4C:01:9E:9B:63:99:2A. I'm wondering what's the cause of this situation? Did Comodo recently change certificates? Can somebody else check which version of the "COMODO ECC Certification Authority" is shipped with their FF?

Chosen solution

I have the same Comodo root certificate as you. If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2".

You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

Read this answer in context 👍 1

All Replies (2)

more options

Chosen Solution

I have the same Comodo root certificate as you. If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2".

You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

more options

cor-el said

If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2". You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

Deleting cert9.db has indeed resolved the problem. Now FF displays 1F:47:AF:... as root signatory of the discordapp.com certificate. Interestingly, only deleting the cached intermediate certificate (COMODO ECC Domain Validation Secure Server CA 2) in the certificate manager was not enough. So I'm still quite clueless how exactly this issue was caused. Anyway, thanks for your help.