Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SSL_ERROR_BAD_CERT_DOMAIN recently started happening with email links

  • 9 replies
  • 1 has this problem
  • 47 views
  • Last reply by jscher2000

more options

Hi all,

Recently (started last week I think) some links from emails have been giving me the "Warning: Potential Security Risk Ahead" page with the error message "SSL_ERROR_BAD_CERT_DOMAIN". These emails never used to give me this message, so has there been a change in a recent Firefox update which caused this?

I've tried on different computers, different profiles, different networks, different Firefox versions (release, portable release and develop edition) and I get the message in all of them so it doesn't appear to be a problem with my particular browser configuration. Well, I actually don't get the message on Android (Fenix nightly custom tab) but I do get it on all desktop configurations I tried.

It appears that the message is valid - the domain doesn't match the domain in the certificate. But why has this only just started happening on multiple emails from different sources? Is the browser trying to process the certificate before the redirect finishes? I looked on Bugzilla but didn't find any relevant bugs (maybe I wasn't looking for the right thing though).

And how to stop getting these messages without having to add an exception for these domains?

Thanks

All Replies (9)

more options
  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER


There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites

What do the security warning codes mean

more options

Thanks for the bunch of links. I did actually search the support site and try various things suggested before I posted here.

more options

Are this bookmarked links and are there specific sub domains specified in the link that may not be valid anymore ?

You should always be cautious with bookmarking special links.

more options

Hi cor-el,

No they're not bookmarked, they're from emails: circulars, weekly updates, notifications from forums, that sort of thing. I'm sure they are supposed to redirect to the end site but are getting stuck somehow in intermediate bulk email sender's domain and that's when Firefox says the certificates don't match.

What common thing could cause this problem across different machines, different networks, different browser versions and even different profiles? The different machines are my work laptop and my desktop. The different networks are my home and my work VPN from my home.

Cheers

more options

Please copy some of the links from the messages and post them here.

more options

Hi FredMcD,

Here are some links:

Cheers

more options

I had no problem with those links.

more options

Hi all,

I methodically worked through some of the suggestions from the links in the first reply but most of those links are clearly not relevant to my case considering what I wrote in my OP. However, I tried again to load this links with other profiles in different browser versions and this time it worked, but I have no idea why it was different this time. I tried safe mode and it worked (probably should have tried that before). I then tried disabling my add-ons one by one and this actually didn't fix the problem, so it was not clear to me why safe mode had worked.

I then went back to the only page which is actually related to my error message, and worked my way through it. The fix was actually (not linked above) a corrupted certificate store (I can't post the link, what a joke).

I renamed cert9 db and reloaded and this time the page loaded fine. All the links above load fine now. Note, There may be a bug in the forum software as it stopped me posting the proper filename with the . before the extension.

Oddly, I had actually tried this before as well, I just suppose this shows it's worth trying things more than once sometimes in case one doesn't do them properly!

Final note: I found the first reply very off-putting, not helpful - it's a bunch of links I saw more than once elsewhere when originally searching the support pages for solutions. Posting a "standard script" post in reply to someone gives the impression that you think the person seeking help is "just another stupid user" and that you've not taken the time to properly read what they've written. This is what I expect from commercially run support teams and places like the (truly awful most of the time, full of people just seeking the "accepted solution" points) Microsoft community support forums. I did not expect this kind of attitude from the excellent volunteers on the Mozilla support form. I hope this was just minor glitch due to lack of time on your part.

Regardless, thanks for taking the time to reply and test the links I had problems with, that did at least show it was a problem with how I configure Firefox or my local network or ISP.

Cheers :)

Modified by madbilly

more options

Hi madbilly, thank you for reporting back and sorry about the newly implemented "link" filter -- it seems to block any period with a character other than a space on both sides. Hopefully that will get sorted out soon, for everyone's sanity.