SSL_ERROR_BAD_CERT_DOMAIN recently started happening with email links
Hi all,
Recently (started last week I think) some links from emails have been giving me the "Warning: Potential Security Risk Ahead" page with the error message "SSL_ERROR_BAD_CERT_DOMAIN". These emails never used to give me this message, so has there been a change in a recent Firefox update which caused this?
I've tried on different computers, different profiles, different networks, different Firefox versions (release, portable release and develop edition) and I get the message in all of them so it doesn't appear to be a problem with my particular browser configuration. Well, I actually don't get the message on Android (Fenix nightly custom tab) but I do get it on all desktop configurations I tried.
It appears that the message is valid - the domain doesn't match the domain in the certificate. But why has this only just started happening on multiple emails from different sources? Is the browser trying to process the certificate before the redirect finishes? I looked on Bugzilla but didn't find any relevant bugs (maybe I wasn't looking for the right thing though).
And how to stop getting these messages without having to add an exception for these domains?
Thanks
All Replies (9)
- MOZILLA_PKIX_ERROR_MITM_DETECTED
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
Websites don't load - troubleshoot and fix error messages
Thanks for the bunch of links. I did actually search the support site and try various things suggested before I posted here.
Are this bookmarked links and are there specific sub domains specified in the link that may not be valid anymore ?
You should always be cautious with bookmarking special links.
Hi cor-el,
No they're not bookmarked, they're from emails: circulars, weekly updates, notifications from forums, that sort of thing. I'm sure they are supposed to redirect to the end site but are getting stuck somehow in intermediate bulk email sender's domain and that's when Firefox says the certificates don't match.
What common thing could cause this problem across different machines, different networks, different browser versions and even different profiles? The different machines are my work laptop and my desktop. The different networks are my home and my work VPN from my home.
Cheers
Please copy some of the links from the messages and post them here.
Hi FredMcD,
Here are some links:
- Bulleted list itemhttp://email.maplin.co.uk/_act/get_rcr.php?A9409133934835892087514673zzzzz649a3226793d4f2b4f7cd490a998e54da4d53df9cb5bb52b41a854b65b9b926524 (ironically this was to unsubscribe from the mailing list!): The certificate is only valid for *.pure360.com
- http://click.topgear.bbc.com/?qs=b6a8fe5177149641083fd622e2eab378ca8207b1880ffb26d8030ae5eff3101fb8d23933d11c66cc1cb5d9007a0d63a79ce238f01abc22cf The certificate is only valid for origin-click.s6.exacttarget.com
- Another is a forum login link which clearly has a token in the URL so I won't post it here but the message about the domains is "Firefox does not trust this site because it uses a certificate that is not valid for url1845.hmdglobal.com. The certificate is only valid for the following names: *.sendgrid.net, sendgrid.net".
Cheers
I had no problem with those links.
Hi all,
I methodically worked through some of the suggestions from the links in the first reply but most of those links are clearly not relevant to my case considering what I wrote in my OP. However, I tried again to load this links with other profiles in different browser versions and this time it worked, but I have no idea why it was different this time. I tried safe mode and it worked (probably should have tried that before). I then tried disabling my add-ons one by one and this actually didn't fix the problem, so it was not clear to me why safe mode had worked.
I then went back to the only page which is actually related to my error message, and worked my way through it. The fix was actually (not linked above) a corrupted certificate store (I can't post the link, what a joke).
I renamed cert9 db and reloaded and this time the page loaded fine. All the links above load fine now. Note, There may be a bug in the forum software as it stopped me posting the proper filename with the . before the extension.
Oddly, I had actually tried this before as well, I just suppose this shows it's worth trying things more than once sometimes in case one doesn't do them properly!
Final note: I found the first reply very off-putting, not helpful - it's a bunch of links I saw more than once elsewhere when originally searching the support pages for solutions. Posting a "standard script" post in reply to someone gives the impression that you think the person seeking help is "just another stupid user" and that you've not taken the time to properly read what they've written. This is what I expect from commercially run support teams and places like the (truly awful most of the time, full of people just seeking the "accepted solution" points) Microsoft community support forums. I did not expect this kind of attitude from the excellent volunteers on the Mozilla support form. I hope this was just minor glitch due to lack of time on your part.
Regardless, thanks for taking the time to reply and test the links I had problems with, that did at least show it was a problem with how I configure Firefox or my local network or ISP.
Cheers :)
Modified by madbilly
Hi madbilly, thank you for reporting back and sorry about the newly implemented "link" filter -- it seems to block any period with a character other than a space on both sides. Hopefully that will get sorted out soon, for everyone's sanity.