New server cert not recognized by firefox
Note: I control the server. The following is noted on the client:
Your connection is not secure
The owner of [myDomain] has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
And yet, an online cert checker states: Congratulations! This certificate is correctly installed.
So, the obvious answer is it's a caching problem. I found 2 cookies from the old domain that I deleted and then cleared the cache. No luck. *Yes, old domain as I now have a new domain. It sees the old cert for the old domain, which I have revoked and deleted with "certbot revoke". Using Letsencrypt on ubuntu 16.04
Thank you in advance for any help!
Solução escolhida
So how's this for strange and obscure but true solutions? I had an ipv6 DNS record defining the domain IP address as ::1. Deleting that record resolved the certificate problem, I now see the current cert. Thanks for everything!
Ler esta resposta 👍 1Todas as respostas (7)
I should probably mention that someone else took a look at my page and gets the correct cert, it's just me having the problem.
If you are using the new host name, I don't understand why Firefox would receive a certificate for the old host name. If you try a private window, does that make any difference? A private window bypasses the regular browser cache was well as cookies.
@jscher2000 I also don't understand and that's a great idea! Unfortunately it made no difference. Problem remains even in private window.
Is your cert db in firefox still containing the old cert? was the old or new cert a wildcard or even on a common ip, i.e on a amazon VPS where you push content to the amazon provided IP, however the content resides on a locally managed server?
cert db in firefox... I was thinking there had to be such a thing.... where do I find it? How do I edit it to remove the old cert?
I'm not sure how to answer your question about a common IP. I'm not using Amazon, just a normal VPS provider. No wild cards.
Solução escolhida
So how's this for strange and obscure but true solutions? I had an ipv6 DNS record defining the domain IP address as ::1. Deleting that record resolved the certificate problem, I now see the current cert. Thanks for everything!
Thanks for reporting back. I haven't learned anything about IPv6 DNS records, so definitely would never have thought of that.