Expired "Let's Encrypt" certificate on old Firefox

Solution 1:

It should be enough to install the stand-alone ISRG Root X1 certificate (as opposed to the cross-signed version). Your version of Firefox supports multiple validation paths and will recognize that this is the same X1 in both cases. (Same situation as this post, for example.)

Use another browser to download the "Self-signed" ISRG Root X1 from letsencrypt.org, then go to Options → Advanced → Certificates → View Certificates → Authorities. Click "Import", select the downloaded .der or .pem file, and mark it as trusted for verifying websites.

(Alternatively, use the 'certutil' tool that comes with NSS; see certutil -H -A.)

This isn't guaranteed to work with all Firefox and Mozilla versions ever released (in particular Firefox 31 got a brand new "mozilla::pkix" certificate validation module), but in my testing, even Firefox 24.7 accepts the installed ISRG root for websites that still send the DST cross-signed one. (Older versions don't even support TLS 1.2, so I did not test further.)
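Before importing a downloaded file as a trusted authority, it is worth confirming that it really is the stand-alone root and not the DST cross-signed variant. The following is an added example, not part of the answer above: it reads the issuer and subject out of a PEM or DER certificate with a minimal DER walker and compares them. The function names are hypothetical, the two sample inputs are constructed unsigned skeletons rather than real certificates, and the check does not verify the signature.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def elements(buf):
    """Yield (tag, raw_element) for each DER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, _, end = read_tlv(buf, pos)
        yield tag, buf[pos:end]
        pos = end

def issuer_and_subject(data):
    """Return the raw DER issuer and subject Names of a PEM or DER certificate."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    der = base64.b64decode(pem.group(1)) if pem else data
    _, start, _ = read_tlv(der, 0)                 # outer Certificate SEQUENCE
    _, tbs_start, tbs_end = read_tlv(der, start)   # tbsCertificate SEQUENCE
    fields = list(elements(der[tbs_start:tbs_end]))
    if fields[0][0] == 0xA0:                       # optional explicit [0] version
        fields = fields[1:]
    return fields[2][1], fields[4][1]  # serial, sigAlg, issuer, validity, subject

def is_self_issued(data):
    """True when issuer == subject: the stand-alone root, not a cross-sign."""
    issuer, subject = issuer_and_subject(data)
    return issuer == subject

# Constructed sample skeletons (unsigned, NOT real certificates), all < 128 bytes.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value        # short-form DER length only
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
def skeleton(issuer_cn, subject_cn):
    validity = tlv(0x30, tlv(0x17, b"200101000000Z") * 2)
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + validity + name(subject_cn))
    return tlv(0x30, tlv(0x30, tbs))

STANDALONE = skeleton(b"ISRG Root X1", b"ISRG Root X1")
CROSS_SIGNED = skeleton(b"DST Root CA X3", b"ISRG Root X1")
```

On a real download, pass the file's bytes to `is_self_issued()`; a `False` result means the file names a different issuer and is not the stand-alone root.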