Funny how you keep posting this same stuff, but refuse to answer or provide details. I tried at the beginning of December I still await you meaningful response. Until you make a meaningful response everything else is moot.

https://support.mozilla.org/en-US/questions/1397223#answer-1551992

Instead of responding with answers to the questions you decided to post again on the 14th. You got crickets.

Now you are posting the same thing a third time. Nothing has changed, except you still have not answered the questions. Fundamentally there is a problem with the certificates. That is clear. What is it, I have no idea and attempts to elicit enough meaningful information from you to determine what have proven unsuccessful. Whose certificate is being offered? We have no idea you have not answered that question from the 5 December.

Despite what you think. Each and every one of those sites should have it's own certificate that correctly identifies it. That it actually involved some sort of manual intervention is the first sign there is a problem. I access thousands of web sites every year using TLS security. My browser does not stop me on each asking me mindless questions about certificates. That is because the certificates are not for some other site. It does exactly this if someone managing the server uses the wrong certificates. We still await your response as to what server certificate is being offered.

You appear fixated on your inability to save the exception, fine. Why are they not saving? You say no one is addressing that. Nothing is more from the truth. To address that we have to understand why it is not saving, what is the issue with that certificate. It is not as simple as fix the software! No one has yet come up with a what is the cause in this instance that might see a fix, either in the software you your server configuration.

Based on this test I did on just one of your main failing domains, it is clear the certificate is untrusted (and not just by Thunderbird) and thus the account is completely unsuitable for use where credit cards are concerned.

As a fellow user I have little or no interest in your trust relationship with the hosting provider. What I am interested in is what is the problem that causes the saved exceptions to become untrusted again. It may be as simple as your choice of antivirus program. But in the absence of answers from you nothing will change. As we are not mind readers and do not have a crystal ball to determine what is lurking under the buttons you choose not to click on and report on the content of, no one can actually offer you anything that looks like an answer.

Is the certificate issued perhaps by Kaspersky? I don't know and neither apparently do you. You are not responding when asked for such information. We are not snarky, we are asking you to participate and frustrated by your failure to do so. Your bland statement that the confirm is not permanent is not going to get a solution, or even a meaningful discussion on what is happening and how to make it save like you want.

BTW, This is somewhat off topic but I think relevant to you after my visit to http://aquarien.com/ Unsecured web sites such as http://aquarien.com/ are becoming quite difficult to access for most users of web browsers as the browsers are beginning to actively blocking sites that do not use encryption. See https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/ for one example. A more cross browser balanced view from the EFF here https://www.eff.org/https-everywhere/set-https-default-your-browser

Did you know that every time that error comes up, the box for "Permanently store this exception" in it is already checked? And why would you think I have the answers you keep demanding? If you want answers to what Network Solutions does with their certificates, ask Network Solutions. I turn 77 this month, and have lived with chronic pain and fatigue since a head-on with an inebriated driver killed the driver next to me and maimed me for life in 1985, crushing my left hip and damaging my spine. I started losing the ability to do higher math and computer programming nearly 30 years ago due to medications, and now age has taken the rest. Late last year (2022) I had surgery to remove most of a tumor from my spinal cord at L1-L2 that caused horrible pain. I have to take naps every day to recover from the pain that's left. You try that and see how much you feel like running around in circles to solve problems for people who have made their product so complicated that it can't keep its own word on storing security exceptions. If you like, I can post these "errors" and responses on ResearchGate.net so that anyone can see for the rest of Internet time just how snarky and manipulative Mozilla "top contributors" are to their elders. Wait a bit; when you get old enough, someone younger will pull this same crap on you. Until then, I will keep posting these obnoxious dumb computer errors until someone at Thunderbird gets it right. And BTW, you are merely repeating the same meme that some malignant nurse gave me after they gave me inadequate painkiller, left me screaming in the Tulsa Saint Francis ER, and then lied about it: "You just aren't explaining to us what you need good enough!" FYI, stick "Finite differences tutorial" into Bing or Google and see what comes up on the first or second page. Aquarien.com comes up in my Firefox just fine, Snarky.

And one more thing. I think you're lying to me. The first snarky puppy who answered my first question on this issue babbled on about how Network Solutions certificates are "cheap". Some of you apparently have a political problem with NS that is not only none of my concern, but far beyond my skills to resolve. And you look to be trying to recruit users to your cause by unethically manufacturing false error messages for us. I trust NS to use good certificates, and you have some other opinion, then damn well suck up your egos and work it out with Network Solutions. Quit taking it out on users. "Permanently store this exception" and stop revoking it. Otherwise, I can find a few people in State and Federal Governments to file complaints with.

Developer's detailed response. Which has tips for debugging ...

The user is showing several different hostnames. Of course it's expected that every hostname needs a separate exception. Well, even every separate port on each hostname needs its own exception.

However, there's also the same hostname/port combination shown repeatedly. If that really happens after having stored an exception for that combination, there's one more scenario in which we would legitimately prompt the user again: If the server provides a different certificate. Because, when storing an exception, we remember the exact conbination of host/port/cert. Because potentially, the user might have performed a manual check that the certificate is as expected. That's why we prompt again whenever the cert changes. (That usually should be rare event.)

However, if it indeed happens frequently that certs change for the same host/port, it could be a MITM situation (maybe a device in the middle creates random/fresh certs frequently?), or the hostname could resolve to multiple servers, each serving a different certificate?

To diagnose, the user could pick one host/port combination that is re-prompted frequently, and save a copy of the shown certificate each time the user is prompted. Then compare if the certs are different. If the certs are always the same, it's our bug.

You make a large assumption - that I have the skills to follow your suggestions. About a decade ago, I stopped programming computers because my senior medications made my thinking too fuzzy for that kind of detail work. But I haven't forgotten how good programming works. It's the reason I still use PhotoShop 7.01 and other old programs in Windows 7 (well, it's miles better than 10, but still Windows). Nor is this the only bug. Recently, TBird stopped accepting Twitter notification e-mails. And every so often, it downloaded 100s of old emails, putting unneeded duplicates in my folders. I no longer have these problems - I switched to Apple Mail on another computer, and it works seamlessly, like TBird used to. It downloaded over 1000 emails without a glitch, not even a certificate problem. If you look back at https://support.mozilla.org/en-US/questions/1397223 you will find the root of the problem. The very first response I got - snark and jeers, blaming someone else, anyone else, for the problems. Then I got snotty, bad advise telling me that I should quit using passwords and AV programs. It's someone else's fault - the AV program, the mail server, myself, whatever. Mozilla simply isn't as professional and competent as it used to be. Too bad, I really liked the old TBird before someone "improved" it. Between pain, fatigue and the side effects of medications, I have few productive hours left in my day, and none to spare for snipe hunts. So I wish you luck in getting back to the quality Mozilla used to have.