Yonke imikhiqizo Community Forum

Hello, I run a movie and drama-related website: https://tvmon.com.co/. Recently, I’ve noticed that Firefox occasionally throws the following error when trying to access the site:

"Secure Connection Failed An error occurred during a connection to tvmon.com.co. . The OCSP response contains an invalid signing certificate. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT"

This issue is very strange because:

1. The site loads fine in Chrome, Edge, and Safari.

1. My SSL/TLS certificate is valid, up-to-date, and passes external tests (SSL Labs, etc.).

1. The error only appears occasionally in Firefox, refreshing sometimes fixes it, sometimes not.

1. Hosting and server logs show no issues at all.

I suspect this is related to Firefox’s stricter OCSP validation, but I’m not sure how to debug or resolve it. Since my site streams drama and movie content, this error is frustrating for users who rely on Firefox.

Has anyone else experienced this intermittent OCSP signing certificate error? Is there a known fix or workaround for Firefox-specific validation issues?

Site: https://www.thegamer.com Firefox refuses to load the site, it does not even show the certificate when clicking on the lock. Using the certificate manager, add exception does not work too, it just refuses to store the certificate. But at least THERE I can VIEW the certificate, which proves it is valid and FIREFOX is at fault:

https://www.ssllabs.com/ssltest/analyze.html?d=www.thegamer.com&latest shows "IO exception" when trying to check the CRL, but gives an A+. Yet Firefox does not even give me the "Continue anyway" possibility. This it tiering, I hate using google chrome based browsers, but of course, it works there. Server 2025, only MS-defender at its default settings.

Subject Name Common Name thegamer.com Issuer Name Country US Organization Let's Encrypt Common Name E8 Validity Not Before Mon, 13 Oct 2025 23:03:42 GMT Not After Sun, 11 Jan 2026 23:03:41 GMT Subject Alt Names DNS Name

• .thegamer.com

DNS Name thegamer.com Public Key Info Algorithm Elliptic Curve Key Size 256 Public Value 04:0E:95:16:C4:A2:23:9D:81:AD:D7:70:4C:4B:A5:F7:68:0E:33:E2:A0:1C:81:6D:0F:1C:F5:C8:EF:5B:C8:64:AD:15:86:5D:5E:E6:FA:A6:DB:41:86:A5:F0:28:7A:45:F4:8D:75:B3:18:43:E9:0F:7C:75:10:AE:F8:A0:04:7B:D5 Miscellaneous Serial Number 06:6C:A7:00:7C:ED:C0:50:E2:FD:4F:6C:A0:8C:0F:86:2B:AD Signature Algorithm ECDSA with SHA-384 Version 3 Download PEM (cert)PEM (chain) Fingerprints SHA-256 D0:D5:E8:73:9E:6D:B1:2D:EC:5D:47:0D:70:BF:58:1C:AC:A5:D3:89:20:6D:54:15:09:E8:42:9C:82:F7:4F:8F SHA-1 53:E6:54:B5:37:0F:4B:23:BE:73:8A:6B:37:6B:BE:A6:A5:86:E4:5B [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Basic Constraints Certificate Authority No [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Key Usages Purposes Digital Signature Extended Key Usages Purposes Server Authentication, Client Authentication Subject Key ID Key ID 53:6A:02:33:30:1C:AD:4D:3B:F2:9F:4D:6D:E4:33:26:31:69:8F:61 Authority Key ID Key ID 8F:0D:13:A2:F6:2E:7E:D1:50:6C:33:18:38:5D:59:8E:23:72:91:CA CRL Endpoints Distribution Point http://e8.c.lencr.org/46.crl Authority Info (AIA) Location http://e8.i.lencr.org/ Method CA Issuers Certificate Policies Policy Certificate Type ( 2.23.140.1.2.1 ) Value Domain Validation Embedded SCTs Log ID 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21 Signature Algorithm SHA-256 ECDSA Version 1 Timestamp Tue, 14 Oct 2025 00:02:12 GMT Log ID 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4 Signature Algorithm SHA-256 ECDSA Version 1 Timestamp Tue, 14 Oct 2025 00:02:12 GMT

Subject Name Country US Organization Let's Encrypt Common Name E8 Issuer Name Country US Organization Internet Security Research Group Common Name ISRG Root X1 Validity Not Before Wed, 13 Mar 2024 00:00:00 GMT Not After Fri, 12 Mar 2027 23:59:59 GMT Public Key Info Algorithm Elliptic Curve Key Size 384 Public Value 04:D1:65:F2:5E:DC:4B:B4:0C:02:9C:D2:B2:FA:EE:E9:6C:AB:3A:AE:38:A1:F4:D4:39:32:33:C5:42:D4:CC:33:0C:34:C7:21:20:90:70:5C:E8:62:2F:1C:71:B3:42:D7:79:BE:46:0D:C1:DB:47:A1:13:A0:C7:DF:81:26:63:3B:D4:8D:1D:F6:3D:82:33:32:F6:F4:2B:E7:F5:96:3A:B4:13:67:18:7B:6B:3E:8D:48:D9:EA:DE:ED:AE:6D:3E:87:4C Miscellaneous Serial Number 63:95:93:63:C2:4E:70:82:71:59:18:BF:C3:D7:ED:56 Signature Algorithm SHA-256 with RSA Encryption Version 3 Download PEM (cert)PEM (chain) Fingerprints SHA-256 83:62:4F:D3:38:C8:D9:B0:23:C1:8A:67:CB:7A:9C:05:19:DA:43:D1:17:75:B4:C6:CB:DA:D4:5C:3D:99:7C:52 SHA-1 54:31:7E:B0:76:5F:0B:C6:74:85:51:84:EB:83:74:B4:19:9E:46:55 [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Basic Constraints Certificate Authority Yes [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Key Usages Purposes Digital Signature, Certificate Signing, CRL Signing Extended Key Usages Purposes Client Authentication, Server Authentication Subject Key ID Key ID 8F:0D:13:A2:F6:2E:7E:D1:50:6C:33:18:38:5D:59:8E:23:72:91:CA Authority Key ID Key ID 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E CRL Endpoints Distribution Point http://x1.c.lencr.org/ Authority Info (AIA) Location http://x1.i.lencr.org/ Method CA Issuers Certificate Policies Policy Certificate Type ( 2.23.140.1.2.1 ) Value Domain Validation

Subject Name Country US Organization Internet Security Research Group Common Name ISRG Root X1 Issuer Name Country US Organization Internet Security Research Group Common Name ISRG Root X1 Validity Not Before Thu, 04 Jun 2015 11:04:38 GMT Not After Mon, 04 Jun 2035 11:04:38 GMT Public Key Info Algorithm RSA Key Size 4096 Exponent 65537 Modulus AD:E8:24:73:F4:14:37:F3:9B:9E:2B:57:28:1C:87:BE:DC:B7:DF:38:90:8C:6E:3C:E6:57:A0:78:F7:75:C2:A2:FE:F5:6A:6E:F6:00:4F:28:DB:DE:68:86:6C:44:93:B6:B1:63:FD:14:12:6B:BF:1F:D2:EA:31:9B:21:7E:D1:33:3C:BA:48:F5:DD:79:DF:B3:B8:FF:12:F1:21:9A:4B:C1:8A:86:71:69:4A:66:66:6C:8F:7E:3C:70:BF:AD:29:22:06:F3:E4:C0:E6:80:AE:E2:4B:8F:B7:99:7E:94:03:9F:D3:47:97:7C:99:48:23:53:E8:38:AE:4F:0A:6F:83:2E:D1:49:57:8C:80:74:B6:DA:2F:D0:38:8D:7B:03:70:21:1B:75:F2:30:3C:FA:8F:AE:DD:DA:63:AB:EB:16:4F:C2:8E:11:4B:7E:CF:0B:E8:FF:B5:77:2E:F4:B2:7B:4A:E0:4C:12:25:0C:70:8D:03:29:A0:E1:53:24:EC:13:D9:EE:19:BF:10:B3:4A:8C:3F:89:A3:61:51:DE:AC:87:07:94:F4:63:71:EC:2E:E2:6F:5B:98:81:E1:89:5C:34:79:6C:76:EF:3B:90:62:79:E6:DB:A4:9A:2F:26:C5:D0:10:E1:0E:DE:D9:10:8E:16:FB:B7:F7:A8:F7:C7:E5:02:07:98:8F:36:08:95:E7:E2:37:96:0D:36:75:9E:FB:0E:72:B1:1D:9B:BC:03:F9:49:05:D8:81:DD:05:B4:2A:D6:41:E9:AC:01:76:95:0A:0F:D8:DF:D5:BD:12:1F:35:2F:28:17:6C:D2:98:C1:A8:09:64:77:6E:47:37:BA:CE:AC:59:5E:68:9D:7F:72:D6:89:C5:06:41:29:3E:59:3E:DD:26:F5:24:C9:11:A7:5A:A3:4C:40:1F:46:A1:99:B5:A7:3A:51:6E:86:3B:9E:7D:72:A7:12:05:78:59:ED:3E:51:78:15:0B:03:8F:8D:D0:2F:05:B2:3E:7B:4A:1C:4B:73:05:12:FC:C6:EA:E0:50:13:7C:43:93:74:B3:CA:74:E7:8E:1F:01:08:D0:30:D4:5B:71:36:B4:07:BA:C1:30:30:5C:48:B7:82:3B:98:A6:7D:60:8A:A2:A3:29:82:CC:BA:BD:83:04:1B:A2:83:03:41:A1:D6:05:F1:1B:C2:B6:F0:A8:7C:86:3B:46:A8:48:2A:88:DC:76:9A:76:BF:1F:6A:A5:3D:19:8F:EB:38:F3:64:DE:C8:2B:0D:0A:28:FF:F7:DB:E2:15:42:D4:22:D0:27:5D:E1:79:FE:18:E7:70:88:AD:4E:E6:D9:8B:3A:C6:DD:27:51:6E:FF:BC:64:F5:33:43:4F Miscellaneous Serial Number 00:82:10:CF:B0:D2:40:E3:59:44:63:E0:BB:63:82:8B:00 Signature Algorithm SHA-256 with RSA Encryption Version 3 Download PEM (cert)PEM (chain) Fingerprints SHA-256 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 SHA-1 CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Basic Constraints Certificate Authority Yes [This extension has been marked as critical, meaning that clients must reject the certificate if they do not understand it.] Key Usages Purposes Certificate Signing, CRL Signing Subject Key ID Key ID 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E

I have never ever had a problem getting into my bank account until this evening.

Says it is insecure.

How can this happen? I really need to get into my account!

I'm getting a PR_CONNECT_RESET_ERROR on my PC when trying to web browse. Same problem with other browsers. Was working fine till a few days ago The URL box has 'Not Secure' before each URL address I try. Have looked up solutions on YT to no avail eg clearing cache etc

My Laptop has no problem with this.

Please help me purchase a NM Gift Certificate for my daughter Caroline Campbell. She has an account with you but I do not and I'm overwhelmed by the process. Lisa Nichol [edited email from community support forum]

When I bring up the certificate-expired URL

<https://oaklandwiki.org/>

in Firefox 149.0 on Windows 11 I am told "You have added a security exception for this site." But not how to remove it. How do I do that? I did not see anything in Settings or about:config; did I miss it?

I have an website which I prior to this error message have visited many times on Firefox and had no problems. Recently though around two days ago I noticed that I couldn't get in and was met with the following message "Warning: Potential Security Risk Ahead". I can't bypass it apparently and I really need to be able to access this site as it's a University site.

I can access the site on other browsers such as Chrome and Edge but I use Firefox as my default browser and I'd like to keep it that way. I'd appreciate any help I can get.

Said link: https://canvas.gu.se/

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following

• //*.mydomain.com/*

which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

• //10.10.*/* (this doesn't currently work)

Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

Subject: Urgent Assistance Needed with Certificate Installation

Dear Team,

I hope this message finds you well. I am in urgent need of assistance regarding a Linux-based system where we have the Firefox browser installed. I need to establish a secure connection with one of my servers, which requires the installation of a certificate.

However, I am unable to locate the certificate export button in the certificate view or anywhere else in the browser. I have tried several methods without success.

Could you please help me with this issue as soon as possible? Your guidance would be greatly appreciated.

Thank you very much!

Best regards, Kishor

An error occurred during a connection to ezproxy.yu.edu.jo. PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

When trying to access many popular websites with Firefox on my Fedora 43 installation, I am greeted with a security warning page with the SEC_ERROR_UNKNOWN_ISSUER error. For most of these websites I can simply accept and continue, but HSTS-only sites will not permit this.

Affected websites include but are not limited to (based on exceptions in the certificates section of Firefox settings):

• github.io (many subdomains)
• purdue.edu (many subdomains)
• iu.edu
• ebay.com
• cbsnews.com
• iwm.org.uk
• home.cern
• celestrak.org

Any help in resolving this is appreciated.

Clear Error code: PR_END_OF_FILE_ERROR This is only on Amazon.com. Secure Connection Failed

An error occurred during a connection to www.amazon.com. PR_END_OF_FILE_ERROR

Error code: PR_END_OF_FILE_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

Hi Love Firefox and use it every day to manage clients Google Ads accounts. Updated to latest version and now I'm getting this warning when I'm trying to access ads.google.com Doesn't appear that I can add an exception, is there a work around that I can use. Look forward to hearing back. Thanks in advance

Paul

Secure Connection Failed

The connection to www.tab.com.au was interrupted while the page was loading.

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Secure Connection Failed

An error occurred during a connection to nrega.nic.in. Peer’s Certificate has been revoked.

Error code: SEC_ERROR_REVOKED_CERTIFICATE

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Secure Connection Failed

An error occurred during a connection to citizen.jhpolice.gov.in. PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…