Can't reach many website, including Mozilla.org - "we could not verify the certificate: reason = timeout"
Something is going on with Firefox. Web pages will not load, and the error message is "we could not verify the certificate: reason = timeout".
My internet speed is 400Mbps. I don't have a delay here. I've rebooted the PC, restarted Firefox, and about 3 out of every 5 web pages comes up with this error.
I couldn't even get to the Mozilla support site with Firefox. I had to use a different browser.
What's going on?
Ed
Ọ̀nà àbáyọ tí a yàn
Hello zeroknight, cor-el, jscher2000, and TyDraniu,
Thank you all for your help.
I followed all your suggestions, and, only because they took a week to answer my question, it turned out that Vipre Advanced Security had, during an update, turned on Web Filtering, which caused all my Website access issues. I had found the policy files after zeroknight's policy-checking suggestion, and sent Vipre Support a ticket, but had to shake their tree today to get the answer.
Turning Web Filtering off solved the website access and timeout issues.
I can even submit my reply on the Mozilla.org website this time.
Thank you all for all your help.
Ed
Ka ìdáhùn ni ìṣètò kíkà 👍 1All Replies (17)
Do you use a proxy? Try to switch to No proxy in Network Settings.
No, I don't use a proxy server. Even though, I could not respond to your post without using a different browser, because I received the "we could not verify the certificate: reason = timeout" error.
Thank you for your suggestion.
It started earlier this week. Was there an update recently?
Ed
Try changing DNS over HTTPS (DoH) to "Off" or "Max Protection".
Does it still happen in Troubleshoot Mode?
Hello zeroknight,
Yes, I already did turn DNS over HTTP to off. Max Protection is also Off.
Yes, when trying to reply to you it did respond with the timeout message.
I am using another browser to answer you now.
Thanks.
Ed
To see whether this is a problem with OCSP lookups -- the feature that check whether a site's certificate has been revoked -- you could temporarily turn off OCSP lookups for most sites (although this does reduce safety):
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste ocsp and pause while the list is filtered
Firefox should display about 10 rows of matches.
(3) Double-click the security.OCSP.enabled preference to display an editing field, and change the value to 2 then press Enter or click the blue check mark button to save the change. With this change, instead of sending an OCSP lookup for all kinds of certificates, Firefox will only check for higher-security Extended Validation certificates.
(4) Make sure that this preference has its default value of false:
- security.OCSP.require
If the preference is bolded and has a value of true, double-click it (or click the Toggle button or Reset button at the right end of the row) to restore the default value of false
(5) Make sure that these two preferences have their default value of true:
- security.ssl.enable_ocsp_must_staple
- security.ssl.enable_ocsp_stapling
If either preference is bolded and has a value of false, double-click it (or click the Toggle button or Reset button at the right end of the row) to restore the default value of true
Then try again. Any difference?
Hello jscher2000,
Thanks for your instructions.
The only setting in the list you provided was to change the security.OCSP.enabled setting from 1 to 2.
The other settings were as you expected them.
I then tried to reply to this thread with Firefox, and got the "we could not verify the certificate: reason = timeout" error.
I closed Firefox and restarted it. Again, I got the "we could not verify the certificate: reason = timeout" error when I tried to reply to this thread.
So, still searching for the answer.
Thanks for the suggestions. Should I reverse the security.OCSP.enabled setting back to 1?
Thanks.
Ed
Yes, reset security.OCSP.enabled to its default value of 1.
See also:
Try to rename the cert9.db file (cert9OLD.db) and remove a possible previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page (Root directory).
- Help -> More Troubleshooting Information -> Profile Folder/Directory:
Windows: Open Folder; Linux: Open Directory; Mac: Show in Finder - https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
Hi cor-el,
That did not solve the problem. A new cert9.db file was created when I restarted Firefox, but I could not get to this website to answer through Firefox.
I am learning more about the inner workings of Firefox, though.
I'm wondering if a total uninstallation/reinstallation would be in order? I am running 123.0 (64-bit) on Windows 10 Pro 22H2 Build 19045.4046. When I verified the version of Firefox, the update checker returned a message "Failed to check for updates."
Perhaps something has become corrupted? Is there a Firefox removal tool that would ensure I would be doing a clean install if that's what you recommend?
Thanks.
Ed
One method to suss out an issue with settings or add-ons is:
New Profile Test
This takes about 3 minutes, plus the time to test your problem site(s).
Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.
Take a quick glance at the page and make a mental note of which Profile has this notation: This is the profile in use and it cannot be deleted. That is your current default profile.
Click the "Create a New Profile" button, then click Next. Assign a name like Test2024, ignore the option to relocate the profile folder, and click the Finish button.
Firefox will switch your default profile to the new one, so click the Set as Default Profile button for your regular one to avoid an unwanted surprise at your next startup.
Scroll down to Test2024 and click its Launch profile in new browser button.
Firefox should open a new window that looks like a brand new, uncustomized installation. (Your existing Firefox window(s) should not be affected.) Please ignore any tabs enticing you to connect to a Sync account or to activate extensions found on your system to get a clean test.
Can you connect with secure sites in the new profile?
When you are done with the experiment, you can close the extra window without affecting your regular Firefox profile. (Test2024 will remain available for future testing.)
You can do a malware scan, just to be sure.
Hello jscher2000,
The new profile does not allow me access to any more secure websites than before.
For example, I can access Google and Microsoft sites, and they are https sites. I cannot access other sites, including this one, with Firefox, even using the new profile.
cor-el suggested scanning for malware, and I had to copy his link to the alternate browser just to be able to read the page. Since it recommends scanning with several different anti-malware applications, I am not going to begin that tonight. Will probably start that process tomorrow.
No one else has reported this phenomenon?
Thanks for your help.
Ed
What security software do you have?
Boot the computer in Windows Safe Mode with network support to see if that has effect.
Visit about:policies in the address bar to see if there are any active enterprise policies.
Hi cor-el,
I use Vipre Advanced Security on all my machines. Already did the deep scan with Vipre and no anomalies were reported.
Ọ̀nà àbáyọ Tí a Yàn
Hello zeroknight, cor-el, jscher2000, and TyDraniu,
Thank you all for your help.
I followed all your suggestions, and, only because they took a week to answer my question, it turned out that Vipre Advanced Security had, during an update, turned on Web Filtering, which caused all my Website access issues. I had found the policy files after zeroknight's policy-checking suggestion, and sent Vipre Support a ticket, but had to shake their tree today to get the answer.
Turning Web Filtering off solved the website access and timeout issues.
I can even submit my reply on the Mozilla.org website this time.
Thank you all for all your help.
Ed
Hi Ed, thank you for reporting back.
Hopefully they'll find a way to make their filtering compatible with Firefox.