david-dm.org TLS certificate distrusted in Firefox Nightly

[edmorley]

Visiting https://david-dm.org/ in Firefox Nightly fails with a "Your connection is not secure" error.

Your connection is not secure

The owner of david-dm.org has configured their web site improperly. To protect your information from being stolen, Nightly has not connected to this web site.

...

david-dm.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

Checking the cert using https://www.ssllabs.com/ssltest/analyze.html?d=david-dm.org shows:

This server's certificate will be distrusted by Google and Mozilla from March 2018.

...which links to: https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates

So presuming Firefox Nightly has already made that switch, in readiness for the release in March - and so david-dm.org will need a new cert?

[alanshaw]

Thanks for reporting - the cert actually expires on March 8th so I'll make sure I renew before the end of the month

[edmorley]

I don't know what your thoughts are about Let's Encrypt, but perhaps worth considering switching to it at the same time? :-) https://certbot.eff.org/#ubuntutrusty-nginx

[alanshaw]

yeah that was my plan ;)

[edmorley]

Now resolved - thank you :-)