Windows 10 reached EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Intermittent “SEC_ERROR_OCSP_INVALID_SIGNING_CERT” error on my site in Firefox

Tsurue
Tsurue
more options

Hello, I run a movie and drama-related website: https://tvmon.com.co/. Recently, I’ve noticed that Firefox occasionally throws the following error when trying to access the site:

"Secure Connection Failed An error occurred during a connection to tvmon.com.co. . The OCSP response contains an invalid signing certificate. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT"

This issue is very strange because:

  1. The site loads fine in Chrome, Edge, and Safari.
  1. My SSL/TLS certificate is valid, up-to-date, and passes external tests (SSL Labs, etc.).
  1. The error only appears occasionally in Firefox, refreshing sometimes fixes it, sometimes not.
  1. Hosting and server logs show no issues at all.

I suspect this is related to Firefox’s stricter OCSP validation, but I’m not sure how to debug or resolve it. Since my site streams drama and movie content, this error is frustrating for users who rely on Firefox.

Has anyone else experienced this intermittent OCSP signing certificate error? Is there a known fix or workaround for Firefox-specific validation issues?

Hello, I run a movie and drama-related website: https://tvmon.com.co/. Recently, I’ve noticed that Firefox occasionally throws the following error when trying to access the site: "Secure Connection Failed An error occurred during a connection to tvmon.com.co. . The OCSP response contains an invalid signing certificate. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT" This issue is very strange because: # The site loads fine in Chrome, Edge, and Safari. # My SSL/TLS certificate is valid, up-to-date, and passes external tests (SSL Labs, etc.). # The error only appears occasionally in Firefox, refreshing sometimes fixes it, sometimes not. # Hosting and server logs show no issues at all. I suspect this is related to Firefox’s stricter OCSP validation, but I’m not sure how to debug or resolve it. Since my site streams drama and movie content, this error is frustrating for users who rely on Firefox. Has anyone else experienced this intermittent OCSP signing certificate error? Is there a known fix or workaround for Firefox-specific validation issues?

All Replies (1)

Sebastian Becker
Sebastian Becker
  • Moderator
more options

Hi,

SEC_ERROR_OCSP_INVALID_SIGNING_CERT is not a generic Firefox bug, but a strict OCSP validation failure. Firefox validates OCSP responses more rigorously than some other browsers, which explains why the site may appear to work in Chrome or Edge.

Based on the symptoms you describe (intermittent failures, refresh sometimes works), the most likely causes are:

Broken or misconfigured OCSP responder The OCSP response may be signed with an invalid, expired, or incorrect OCSP signing certificate, or the responder is occasionally serving a stale response.

CDN / load balancer inconsistency If you are using a CDN or multiple edge servers, some nodes may be returning an invalid OCSP response while others are not. This would explain the intermittent nature.

Incorrect certificate chain or missing intermediate Even if SSL Labs reports “valid”, Firefox may still reject OCSP responses if the responder chain is incomplete or incorrect.

What to check:

Verify the OCSP responder URL provided by your certificate authority.

Test OCSP responses directly using tools like openssl ocsp to confirm the signing certificate is valid.

Ensure all servers / CDN nodes are serving the same certificate chain and OCSP data.

If you control the server, try temporarily disabling OCSP stapling to confirm whether stapling is the trigger.

If disabling OCSP stapling resolves the issue, the problem is almost certainly on the server/CDN side and not in Firefox.

Firefox is behaving as designed here by rejecting invalid OCSP signing certificates. Hope this helps! Sebastian

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.