Closed anonsubmitter closed 8 years ago
Craigslist has a big list of various regional sites, but the only ones that support https are those on .org, .ca, and .co.uk domains. This is also shown in the certificate, which is only valid for .org, .ca, and .co.uk domains.
When going to craigslist.org with HTTPS Everywhere on, I get this redirect sequence:
The protocol-relative redirect in number 4 above looks like the source of your "Untrusted Connection" problem. I'm guessing the geo.craigslist.org server probably gives a protocol-relative redirect every time, even if the destination doesn't support https, as with helsinki.craigslist.fi. If that's true, then this issue affects all non-.org/.ca/.co.uk regions. But since I'm in Canada, where Craigslist does support https, I can't verify any of that.
**Could you (or anyone else outside the .craigslist.org, .ca, and .co.uk regions) check whether https://geo.craigslist.org/ gives a protocol-relative redirect?** If so, then we'll know what the problem is for sure.
I can confirm this behavior. We should implement a downgrade rule for geo.craigslist.org.
This issue is fixed in #4771
The Craigslist.org (partial) ruleset prevents craigslist.org from redirecting to helsinki.craigslist.fi, which doesn't support HTTPS. The failed redirection leads to a "This Connection is Untrusted" warning page.
It might be worth looking into whether this is happening on other local Craigslist sites as well.
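The protocol-relative redirect discussed in this thread, as an added example that is not part of the original issue or the HTTPS Everywhere code base: it resolves a `Location` header the way a browser does and flags hops where `https` is inherited by a host outside the domains the thread says support HTTPS. The function names and the sample chains are constructed for illustration.

```javascript
// Domains the thread reports as supporting HTTPS (and covered by the certificate).
const HTTPS_TLDS = [".org", ".ca", ".co.uk"];

function supportsHttps(hostname) {
  return HTTPS_TLDS.some((tld) => hostname.endsWith(tld));
}

// Resolve one Location header against the URL that produced it.
// A value starting with "//" has no scheme, so it inherits the request's scheme.
function resolveRedirect(requestUrl, location) {
  const target = new URL(location, requestUrl);
  return {
    from: requestUrl,
    target: target.href,
    protocolRelative: location.startsWith("//"),
    // Broken hop: https was carried over to a host that does not serve it.
    broken: target.protocol === "https:" && !supportsHttps(target.hostname),
  };
}

// Walk a list of Location headers starting from startUrl.
function auditChain(startUrl, locations) {
  const hops = [];
  let current = startUrl;
  for (const location of locations) {
    const hop = resolveRedirect(current, location);
    hops.push(hop);
    current = hop.target;
  }
  return hops;
}

// Constructed chains: the same redirect, reached over https (ruleset applied)
// and over http (geo.craigslist.org left on http, as a downgrade rule would do).
const viaHttps = auditChain("https://geo.craigslist.org/", ["//helsinki.craigslist.fi/"]);
const viaHttp = auditChain("http://geo.craigslist.org/", ["//helsinki.craigslist.fi/"]);
// Constructed hop to a region on a domain the thread lists as supporting HTTPS.
const canada = auditChain("https://geo.craigslist.org/", ["//vancouver.craigslist.ca/"]);

for (const hop of [...viaHttps, ...viaHttp, ...canada]) {
  console.log(`${hop.from} -> ${hop.target} broken=${hop.broken}`);
}
```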