SSL_ERROR_BAD_CERT_DOMAIN only when click link, but not when type URL
When I click a link to https://drive-image.com, Firefox gives me the security error:
Warning: Potential Security Risk Ahead Firefox detected a potential security threat and did not continue to drive-image.com. Firefox does not trust this site because it uses a certificate that is not valid for drive-image.com. The certificate is only valid for the following names: secure.r-tt.com, www.drive-image.com, www.r-studio.com, www.r-tt.com, www.r-undelete.com, www.r-wipe.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
But here's what makes it so bizarre: Clicking the link gives the error, but if I type that URL into the address bar, it works perfectly fine. I can even right-click the link > Open Link in New Tab (or Window) and it works fine. I originally found this because I searched "r drive image" in DuckDuckGo and that link was the first result. But it also happens in a very simple test HTML page I wrote, which just contains a link to that page.
When drive-image.com is loaded, it immediately redirects, so that the page actually shown is https://www.drive-image.com/.
Some more info:
- This is on my laptop (Windows 10 Home 64-bit), in Firefox (up to date, 113.0.2 (64-bit)).
- It also happens in latest Mullvad Browser, which is based on Firefox codebase.
- Also happens on my other computer, running Windows 10 Home 64-bit, in Firefox and Mullvad Browser.
- I created a new profile and it still happens using that.
- I turned off uBlock and Ghostery extensions, it still happens.
- I added an exception in Firefox Settings: Enhanced Tracking Protection for drive-image.com and it still happens.
- It does not happen in Chrome or Edge.
- It happens with my VPN connected or disconnected, on both computers, which use different VPN servers when connected.
I've gotten the infrequent security error clicking what looks like a legitimate link before and shrugged it off, going elsewhere. But this time knowing the site was legit, I messaged their support and eventually ended up at this point after much investigating, and suspect something serious is amiss.
Images of the error are attached, along with an image of my test page's text if that matters (since I can't attach a text file).
Does anyone else get this error by clicking a link to that site? Is this a Firefox bug/issue, or an actual problem with their website/certificate?
Modified
All Replies (2)
Server redirects only work with the http protocol, so https://drive-image.com/ can't redirect to the www. prefixed website (https://www.drive-image.com/). You would have to use http://drive-image.com/ although for me Firefox redirects automatically.
Start Firefox in Troubleshoot Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration or if userChrome.css/userContent.css is causing the problem.
- switch to the Default System theme: "3-bar" menu button or Tools -> Add-ons -> Themes
- do NOT click the "Refresh Firefox" button on the Troubleshoot Mode start window
- https://support.mozilla.org/en-US/kb/diagnose-firefox-issues-using-troubleshoot-mode
- https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems
You can remove all data stored in Firefox for a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").
Using "Forget About This Site" will remove all data stored in Firefox for this domain like history and cookies and passwords and exceptions and cache, so be cautious. If you have a password or other data for that domain that you do not want to lose, make sure to backup this data or make a note.
You can't recover from this 'forget' unless you have a backup of involved files.
If you revisit a 'forgotten' website, data for that website will be saved once again.
Thanks. I tried Troubleshooting Mode and did "Forget about this site", but I still get the error. I even did "Refresh Firefox", but still get the same error. Is there something else to check?
Could someone else please try clicking "https://drive-image.com" (so it just goes to that in the same tab), and let me know if they get a security error or if the site loads fine? And if they end up at drive-image.com or www.drive-image.com? So I can be sure it's just happening to me and not other people. Or you can use DuckDuckGo and search "r drive image". This same URL is the first link.
Okay, I see what you mean about https redirect. When I click "https://drive-image.com" (and "Accept the risk and continue"), that is the site that comes up. However, if I enter "https://drive-image.com" directly into the address bar, that does end up loading the www site (https://www.drive-image.com/). Same thing with right-click > Open link in new tab. Which explains why those work even when the regular click does not. Is that address switch expected behavior when typing the address directly or doing a right-click?