According to SSLlabs, there is an issue with the certificate. I suggest you contact them to fix this.

However, you should still be able to add an exception using the Advanced button. Does the button for adding an exception not display, or is there another issue?

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

above is what I get, no way to add exception, which worked up until today.

and i can access the site with microsoft edge in windows 10, but edge is slow as molasses and sucks in other ways too

I got a different error message as well as the ability to add an exception. Given that and the fact the website currently seems to be down, my guess is someone is already working on the issue. I’d suggest to keep an eye on it and check and report back later.

microsoft edge browser has been accessing the site all day. firefox just up and quit allowing it.

Here's what it says for FF:

Your connection is not secure

The owner of www.dibbs.bsm.dla.mil has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

If you don't accept the update certificate then you won't get there from FF.

Please do not imply I’m telling nonsense. You can check for yourself here, here or here, unlesss the website is limited to some VPN connection. We have the same issue, the point may just be that you see the HSTS info where it currently does not appear to apply.

Also, IE/Edge is not a good reference. They might be using their cache.

Point is, there is something wrong with the website, so I would just await and/or contact them instead of blaming Firefox.

tonnes... I am not blaming firefox, I just want to know what changed. Its primarily one pc that has this issue.... I think its in the pc not the site. However, I won't have a bit of luck getting to change anything for me, so if I can't find whats wrong in firefox I am finding another preferred browswer.

Thank you for your input.

Instead of bouncing around trying to fix the setting that is the issue : uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. (Note: This should be Pinned and run Weekly, If never done below expect 10's of gig's) Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do : https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Reinstall with Current Release Firefox 57.0.2 with a Full Version Installer https://www.mozilla.org/firefox/all/

Please let us know if this solved your issue or if need further assistance.

WILLEO6709 said

... i suddenly lost the ability to add an exception.

Could you explain that a bit more. You find an Advanced button in the page, you click that, and... there's no Add Exception button? Is there any language explaining why not?

I've attached a screenshot that sows the certificate chain. The certificate is issued by "CN = DOD ID SW CA-37", so make sure you have all DoD certificates installed properly in the Firefox Certificate Manager under Authorities.

• Options/Preferences -> Privacy & Security -> Certificates: View Certificates

See "PKI CA Certificate Bundles: PEM Self-Extracting ZIP" (almost at the bottom of the page):

• https://iase.disa.mil/pki-pke/Pages/tools.aspx

Note that you lose installed certificates if you use the refresh feature in Firefox. In such a case you need to copy cert8.db from the "Old Firefox Data" folder on the desktop to the current profile folder.

• https://support.mozilla.org/en-US/kb/recovering-important-data-from-an-old-profile

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

• Help -> Troubleshooting Information -> Profile Directory:
  Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder
• http://kb.mozillazine.org/Profile_folder_-_Firefox

@WILLEO6709 Sorry for sounding a bit harsh earlier maybe.

Actually the (intermediate) certificate issue reported at SSLlabs (see link in first reply above) is covered in the How to troubleshoot security error codes on secure websites support article - see the Missing intermediate certificate section and “Chain issues: Incomplete” message at SSLlabs for more. That article also recommends contacting the owners, but that may be questionable for this type of websites given that you probably need to (re)import the certificate manually.

Also take note of any security software mentioned in that support article, though I don’t think this is related, unless (for the cause) it changed your certificate archive, or indeed a refresh or even launching a new profile did.

As for the website not being reachable by tools, your HSTS message appearing and therefor the missing Advanced button (asked above: it is, isn’t it?), that may be another story. Do note that you specifically need to enter https:// or timeouts will occur, at least when there is no HSTS issue. I don’t see the HSTS report in any case, except when testing in a new profile with current Nightly (59) - 56 and 57 do not display it (neither with a new profile for 56), which should allow to add an exception without adding certificates. I haven’t investigated any recent changes for this as you appear to be using 57, but you may be able to resolve that by removing the "SiteSecurityServiceState.txt" file in your profile folder when Firefox is closed, which should contain info about the (forced) use of it.

If you really want or need to add the intermediate certificate and in addition to the link provided above, you may find some more info on how to resolve the issue / install the missing intermediate certificate(s) here and here as well as in this question.

After installing the required certificate from the file cor-el linked to (the one with "...DoDRootCA3_withCAs_Firefox..." as explained in its README.txt file), I can reach the website normally without any error message or or the need to add an exception. Additionally, cert8.db (and key3.db) may now be called/migrated to newer cert9.db and key4.db if you can’t find the older ones, e.g. when not updated using an older profile. In case you do copy any of them, I think you need to copy both.