Let's Encrypt issues after certificate renewal


#1

Hi.

After today’s Let’s Encrypt certificate renewal, I get the following in Firefox 54.0.1 (Windows 7) …

[code]Your connection is not secure

The owner of www.mysite.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Learn more …

Report errors like this to help Mozilla identify and block malicious sites

www.mysite.com uses an invalid security certificate.

The certificate is only valid for mysite.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN[/code]

I don’t have any antivirus software installed.
The system time is correct.
It only happens with my Dreamhost site. Other https:// sites (also with self-encrypted certificates) work fine.
It only happens with Firefox 54.0.1 on my Windows 7 system.
When I use an Ubuntu installation with Firefox 54.0.1, all works fine.
When I use IE 11.0.44 on the same Windows 7 system, it also works.
Is this somehow related to the new Let’s Encrypt certificate from DH or some DH HSTS setup?

Did something change … ?!

[hr]

This did the job, though I don’t really know what happened …

[code]How to Delete HSTS Settings in Firefox:

We will cover two different methods for deleting HSTS settings in Firefox. The first method should work in most cases – but we also included a manual option if needed.

Close all open tabs in Firefox.
Open the full History window with the keyboard shortcut Ctrl + Shift + H (Cmd + Shift + H on Mac). You must use this window or the sidebar for the below options to be available.
Find the site you want to delete the HSTS settings for – you can search for the site at the upper right if needed.
Right-click the site from the list of items and click Forget About This Site. This should clear the HSTS settings (and other cache data) for that domain.
Restart Firefox and visit the site. You should now be able to visit the site over HTTP/broken HTTPS.

…[/code]
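
The name check behind the SSL_ERROR_BAD_CERT_DOMAIN message quoted above, as an added example that is not part of the original post: a simplified version of how a client compares the requested hostname with the DNS names in a certificate. The SAN lists are constructed sample data built on the thread's placeholder mysite.com, and the matcher handles only exact names and a whole-label, left-most wildcard.

```python
# Added example: simplified certificate name matching (dNSName entries only).
# All hostnames and SAN lists here are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName entry with a hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so "*.mysite.com" does not cover "mysite.com".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least three labels so that "*.com" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(hostname: str, san_dns_names: list) -> bool:
    """True if any SAN entry matches the hostname the browser requested."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def report(hostnames: list, san_dns_names: list) -> dict:
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(h, san_dns_names) for h in hostnames}


if __name__ == "__main__":
    sites = ["mysite.com", "www.mysite.com"]
    samples = [
        ("apex only", ["mysite.com"]),            # the case in the error text
        ("apex + www", ["mysite.com", "www.mysite.com"]),
        ("wildcard only", ["*.mysite.com"]),
    ]
    for label, sans in samples:
        for host, ok in report(sites, sans).items():
            verdict = "ok" if ok else "BAD_CERT_DOMAIN"
            print(f"{label:14} {host:16} {verdict}")
```

With an apex-only certificate the www name fails the check, and because the site is under HSTS the browser offers no exception for it.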


#2

You don’t specify what the domain is so we can’t really check what happened… You shouldn’t need to delete anything from Firefox, sounds weird to me that you had to go through that. If you share your domain name we can take a look.


#3

It was more a general question.

Also I was not sure whether it was DH or Firefox related.

But it turned out to be Firefox related in the end. Yes, you are right. It also sounded weird to me that I had to delete HSTS settings (didn’t even know that such a thing exists). The domain worked fine on my Ubuntu Firefox, IE, iPhone … it was just this particular Windows 7 Firefox installation which generated this error.


#4

Thanks for sharing more details. Glad to read that you have isolated the issue to a single machine: it makes more sense now that you had to manipulate Firefox directly.