To make a long story short, Firefox checks each web server's certificate against a list of "trusted" signing certificates. If the webserver's certificate was NOT signed by one of those, Firefox expects the webserver to send the signing certificate. And if necessary ''its'' signing certificate, forming a chain of trust all the way up to a trusted root certificate. That server is sending only its own certificate. Screen shot attached showing what I mean. So what should you do? Firefox does allow you to make exceptions and trust certificates even when you can't be sure that they are legit because there isn't a chain of trust. You can find that at the bottom of the error page under "I understand the risks". However, it would be better/safer if we knew for sure that this server hasn't been hijacked before making an exception. Because nowadays, stuff happens to government websites.