SSL Issue in Firefox

What is the name of the domain?

staging.falcondive.dev

What is the error message?

Did Not Connect: Potential Security Issue

What is the issue you’re encountering

Firefox detected a potential security threat and did not continue to staging.falcondive.dev because this website requires a secure connection. What can you do about it? staging.falcondive.dev has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. The issue is most likely with the website, and there is nothing you can do to resolve it. If you are on a corporate network or using antivirus software, you can reach out to the support teams for assistance. You can also notify the website’s administrator about the problem.

Screenshot of the error

Screenshot 2024-08-06 at 12.54.36 PM.png2872×1444 298 KB

Your site is loading ok for me in Firefox at the moment. .dev is in the HSTS preload list, so can only be connected to using HTTPS - make sure you have no content linked over http:// on your site.

Still we see below error, ours is a latest firefox mozilla.

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIC3zCCAcegAwIBAgIHAIAwDC0iXjANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UE
BhMCR0IxFDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAK
BgNVBAsMA05TRzEmMCQGA1UEAwwdU29waG9zIFNTTCBDQV9HVkRuelVoaktzZnlC
VGMxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAc29waG9zLmNvbTAeFw0yNDA3MjMw
NjAzMDRaFw0yNDEwMjEwNjAzMDNaMBkxFzAVBgNVBAMTDmZhbGNvbmRpdmUuZGV2
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE24Jcy5pmSjJFcqeHpRKwz5lj0qNY
13/lOiTauVnU/BYT90xg0wAo0XZZrusbSUV0fuJPeHnNu5Mlt5fW57md26OBgTB/
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
AjAAMCsGA1UdEQQkMCKCDmZhbGNvbmRpdmUuZGV2ghAqLmZhbGNvbmRpdmUuZGV2
MB0GA1UdDgQWBBRdCEHs9r9iGgXYDCUnAEe6BbDpjjANBgkqhkiG9w0BAQsFAAOC
AQEABO/d+cLC3TseHgGtwevmq90q51kaSKcZsL6zuBv79vrwbftcZTBBSnaaWgjB
VcODQrHyUt4KharZokt5WoMnBhS6lyO4Mcbm9EvuxyWIa7kkkUPvu/2G0R5eBpof
cHoJ2QWh+EzaFqfujUMFZxGpjDlqhbgd/ugYiuI/ivegLqfke7XdyxVHqkCG651Y
UN8Y1DPcMA2TlWRaOtSpCTtETJfMi4J40ReHb0UyihmYlN74iUEvNAUjIox4jkas
36chnie0IYPHy4oCvZHpwQT7DgAKn67SRvp2yBX0QC2SMrY2NRD4BTJqy3VajEUy
shE3szzCzd3gVCFHU3fHujfULw==
-----END CERTIFICATE-----

As mentioned, your site is loading ok for me in Firefox…

Screenshot 2024-08-06 at 10.39.051125×1088 60 KB

Make sure you don’t have a local resolver or hosts file setting that is resolving to the origin IP address rather than the Cloudflare IP address…
https://cf.sjr.org.uk/tools/check?377ffb3927054277ab813a90ad0942e0#dns

Make sure your SSL/TLS setting is set to “Full (strict)” here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

If that produces a 525/526 error then the problem is with the certificate on your origin server and that is what your local resolver is pointing to.

This certificate is issued by Sophos, which seems to be a firewall or something that is running on your device.

https://support.sophos.com/support/s/article/KB-000035645?language=en_US

Why we are getting different SSL Certificates from different providers?

We are getting Google Trust Services as CA when we use Firefox and Edge and getting Sophos as CA when we try to access it from Google Chrome in some systems.

In some systems, We are getting Google Trust Services as CA in all browsers.

We have not configured any firewall or host configs in any system.