Note: Problem is solved. Sorry for bumps getting there but we future-proofed it and setup Let’s Encrypt.
Hosting Matters, our webhost, are great, so please consider them for your hosting needs. They are responsive, on the ball, and friendly whenever we need help!
Something is preventing Firefox from accessing our site (at least as I’ve heard and tested in Windows). No idea why this issue is suddenly upon us, nothing should have changed. Our certificate is valid for months and works fine on iOS Safari and chrome and Edge. Just Firefox having the issue, for now that I see.
For anyone with Android devices and using Firefox can you access the site, mobile, normal, or both/neither?
Trying to see if this is a Firefox issue related to an updated list of OCSP servers that omits our SSL certificate provider. It is listed, but perhaps some mis-config on their back-end is causing this; I’m still researching.
More soon.
Otherwise, open thread. I’ll be posting a tech thread soon to gather complaints for another round of updated and enhancements.
ETA: I did review your comments in Adam’s thread, so don’t worry about re-posting!
ETA: Firefox won’t work until I get this solved. It’s an issue with the SSL certificate provider, just have to go through the hoops to re-certify. Might go ahead and change to CertBot/Let’s Encrypt, if Host is cool with that since that was in the plan before December.
tl;dr Firefox may be ka-jiggered for a few more hours.
WaterGirl
For anyone with Android devices and using Firefox can you access the site, mobile, normal, or both/neither?
Alain, I believe the problem is on mobile devices and on computers – someone clearly spoke to that issue.
Just to be clear, you are now asking about which version of the site (desktop or mobile) and not asking about access from mobile devices vs. computers. Correct?
Anne Laurie
I can’t access BJ on my usual PaleMoon (FF analog) browser on the laptop I usually use, but I can on Internet Explorer (insofar as I can access anything on IE). Just had to cold-reboot after everything (PM, IE, Eudora email, non-internet links) froze up, which may have been due to IE, or just to this kludge-y setup.
Nominus
Able to access the site with Firefox on iPhone, getting the normal mobile version and posting this comment
Mike J
Failed on ffox on Android 6.0.1 (Marshmallow)
jeffreyw
I’m on android chrome,working fine I don’t have ff mobile on this device.
JerryN
Alain, if you’re monitoring this, in Chrome I’m not seeing the lock icon in the browser bar and the dev tools are indicating that there’s mixed content on the page from http://cedexis-video-embed.ora.tv. This probably isn’t causing the FF problem, but it may make it harder to troubleshoot.
WaterGirl
@WaterGirl: Sorry, I wasn’t clear but FYWP wouldn’t let me edit.
Here’s what you already know, right?
You already know that the problem is just for Firefox.
You know it happens regardless of whether you are using a mac device or a PC or android device.
You know it happens on mobile devices and computers.
What you want to know is just whether it happens in Firefox using the mobile version of the site and/or Firebox using the regular version, right?
So you don’t still need people to be reporting in about other browsers, correct?
Edit: So it seems like you need ONE PERSON to test Firefox using the mobile site and then trying using the regular site, correct?
Rob
Not news really: After I did this
FlyingToaster says:
September 11, 2016 at 6:03 pm
About:config
search for “ocsp”
set the lines with “stapling” to false.
It’s a temporary workaround, but I’m back in Firefox so we’re good.
I am now able to access the blog via Firefox on a MacBook Pro. However I am going to change the FF settings back and revert to Safari to view the blog.
jeffreyw
And now I’m on Chrome, windows 10, FFox browser still reports an issue with certificates.
TS
My problem is on a windows 7 desktop using firefox – this is the error
An error occurred during a connection to http://www.balloon-juice.com. OCSP response has an invalid signature. Error code: SEC_ERROR_OCSP_BAD_SIGNATURE
Posting via an ancient version of IE on same machine
Corner Stone
Beyond Detroit and any Jeff Fisher team, Dallas may be the worst coached NFL team currently going in the league.
yam
Look for the solution here: https://support.mozilla.org/en-US/questions/1013172
I did that and I can now read this site.
Mike J
OK, so if the clock runs out you can still score a TD or a FG, but you can’t score a safety?
Alain the site fixer
Problem figured out, now working on getting solution in place.
JerryN
Trying again, since the first attempt contained a link.
Alain, if you’re monitoring this, in Chrome I’m not seeing the lock icon in the browser bar and the dev tools are indicating that there’s mixed content on the page from cedexis-video-embed.ora.tv. This probably isn’t causing the FF problem, but it may make it harder to troubleshoot.
I'mNotSureWhoIWantToBeYet
@Mike J: No go on Android + latest Firefox here, too. Nexus 4 (5.1.1).
Thanks for checking into this, Alain.
Cheers,
Scott.
FlyingToaster
@Rob: That’s the temporary workaround.
I strongly suggest that everyone using the workaround: do plan on setting it back to normal first thing tomorrow; that’s certainly my plan. Same procedure, and set to “true”.
Anna
I just finished a 12 hour shift at my job at a web hosting company. CentOS and mostly cPanel.
Firefox check SSL certs against a OCSP database, but Chrome doesn’t. You can disable that check in FF, but obviously that’s not the best solution.
I checked the cert here: https://www.sslshopper.com/ssl-checker.html#hostname=balloon-juice.com
The CA (Certificate Authority) is Startcom. I have Startcom certs on some of my sites (cause they’re free), but I frequently get that error in FF.
For a free SSL cert, I’d recommend Let’s Encrypt. Or, for $9, you can get a Comodo cert.
https://www.namecheap.com/security/ssl-certificates/comodo.aspx
FlyingToaster
@Alain the site fixer: Congrats! That was certainly quick.
And now I gota run and get WarriorGirl headed in the general direction on bedtime…
Rob
@FlyingToaster 7:32: Thanks for that workaround. I made it very temporary. I have a feeling that if I didn’t revert FF back to the original settings I would forget about it.
HinTN
Firefox on the laptop fails. Chrome in S7 and whatever Samsung 4 uses as a browser are fine. Hated FF on the S4 but S7 required Chrome or something… Bah
HinTN
@jeffreyw: That’s what I have. W10 FF. Certificates
different-church-lady
I’ve got a old coal-fired version of FF on this steam-engine 8 year old Mac, and both are doing BJ just fine right now.
redshirt
@different-church-lady: Needs more coal.
jacy
I cannot access Balloon Juice using Firefox in Windows 10. I get the error message:
An error occurred during a connection to http://www.balloon-juice.com. OCSP response has an invalid signature. Error code: SEC_ERROR_OCSP_BAD_SIGNATURE
I can access it fine with my Android phone, and access it fine using the Chrome browser.
Alain the site fixer
It’s the OCSP responder servers – the SSL cert issuer, StartCom, requires re-verification of domain ownership (this is new). So FF looks at this site as questionable right now; as the verification propagates through their servers and mirrors, then the OCSP queries from FF should work again and all will be well .
Corner Stone
@Mike J: They just awarded Detroit a safety after the game clock had run to all zeros.
mainmata
I just use Chrome on a Mac platform and have never had a connectivity problem (that I know of). Hope the situation gets resolved soon so we can all hate on Shkreli, the Hilz Stalker.
JaneE
I am using chrome. It give me a message “Your connection to this site is private, but someone on the network might be able to change the look of the page.” Where it used to show the lock for https. Details show “was loaded over HTTPS, but requested an insecure plugin data ‘http://cedexis-video-imbed.ora.tv/i/homepage/video-50167/,basic600…obile400,.mp4.csmil/video-50167basic400.mp4.csmil/basic400.mp4Frag2Num2.ts’. This content should also be served over HTTPS.
Alain the site fixer
@JaneE: Unfortunately, that’s an ad and we can’t control it’s content, so we do get some mixed domain or mixed https/http stuff. Not much I can do about it, sorry!
Mike J
@Corner Stone:
Looked like Seattle should have had one, but it was irrelevant.
Alain the site fixer
Folks, looks like I’ll be updating the site this week so any issues, complaints, enhancements, etc.will be requested in a post tomorrow. I am not committing to do them all but I’ll get what I can done as well as update lots of stuff.
So keep your quills dry tonight and save your feedback for the post, I’m going to go scare up some dinner and trim my green-stemmed gongura before neighbors call the cops on me! (the top most leaves look a lot like marijuana leaves, at least to us!)
Cat48
Android with Chrome
I'mNotSureWhoIWantToBeYet
@Alain the site fixer: Yay!
[ 10,000 item list here ]
Ok, tomorrow. ;-)
Thanks very much!
Cheers,
Scott.
Mike J
@Alain the site fixer: There are too many states these days. Please eliminate three. I am not a crackpot.
?BillinGlendaleCA
@Mike J: That’s what the crackpots always say.
Mike J
@?BillinGlendaleCA: I’ll be deep in the cold cold ground before I recognize Missouri.
Rick Kane
Firefox has been getting klutzier, slower, & prone to crashes the last few months as they update it “improve” it. I a using Chrome & MS Edge in Windows 10 more & more.
Gravenstone
Was just going to comment about this, now that I’m accessing via Chrome. No idea if it’s related, but I had a very similar Firefox error tying to access my cell provider’s site a couple of weeks ago. Maybe some inherent issue with FF?
Felonius Monk
I’m having trouble accessing on Chrome — it’s telling me the certificate is no good.
waysel
Just lost BJ on Safari. It still works on Go Duck Go, of all things.
Sister Rail Gun of Warm Humanitarianism
I just had to add an exception for hmdnsgroup.com to get here.
Soprano2
Just now fixed for me on both Firefox on my Android phone and in Safari on my hubby’s IPad. And on Chrome on my phone. I mean just now, in the last two minutes.
I'mNotSureWhoIWantToBeYet
The changes have propagated to NoVA and B-J is working on FF now.
Thanks Alain!
Cheers,
Scott.
Millard Filmore
I use Firefox. The old URL was https://www.balloon-juice.com … it gave problems. Then it wanted an exception … ok … but then upon entry gave a permission error.
So I changed the URL to plain “balloon-juice.com” and got in.
Oddly, doing this reply puts me back to the HTTPS form, and it work for this reply.
planetjanet
YAY! I am on firefox on Windows 10 on desktop. I can close that icky edge browser now before I get cooties.
HinTN
Still working with Android Chrome but HOSED on mobile IE. Go figure…
Smedley Darlington Prunebanks (Formerly Mumphrey, et al.)
I don’t know if you already know this, but I have a p.c. with Chrome, and a few minutes ago, it wouldn’t open the site here. It said there were privacy problems or something. Maybe I should have tried to keep in mind what it said, but I didn’t think to. Sorry. But whatever it was seems all right now, since I’m here now. I don’t know if this helps or not, but I thought I’d let you know.
Robert Paehlke
I am on firefox and was blocked earlier today. All seems good now. Thank you.
FlyingToaster
And, we’re back!!!
Anyone who used the workaround, time to reverse:
about:config
search for “ocsp”
set the lines with “stapling” to “true”
I’m going to quit and restart my browser (I’ve already crashed the machine right after I got back), so see y’all on the flip side, or likely in another thread.
amk
Good job, the site fixer.
Alain the site fixer
We had to switch SSL certificates and had a mistake in the first try, quickly remedied.
Hosting Matters, our webhost, are great, so please consider them for your hosting needs. They are responsive, on the ball, and friendly whenever we need help!
Villago Delenda Est
It’s working now for me.
JR in WV
Hi, Alain,
I’ve had trouble posting replies to a thread, so this is an attempt to do so.
Best,
JR
DanR2
Failed to load on Safari 8.0.5 about an hour ago as well as Firefox. Working now. Obviously.
Also working on Firefox 48.01 for Mac now too.
I survived the blackout.
SFAW
Hi Alain –
First of all: thanks very much for fixing the Firefox issue. I was starting to go into withdrawal, because I don’t like Chrome, and would never use IE.
As an FYI — and I really don’t know if this is a site issue, or a me-issue, but the page took over a minute to load. Might have been the ad on the side, might have been some background script, I have no idea. (I’m a hardware guy, not a softhead/web guy.)
Anyway, thanks again for allowing me to knock my productivity back to near-zero.
smedley the uncertain
Accessing from Fire fox now. All seems OK.
Earlier today could NOT access from Android + Firefox or WIN7 + Firefox.
Smedley the uncertain
Nexus7+Firefox working now.
Death Panel Truck
Fuck. Wrong thread.
amk
Hillz faints and bj gets the vapors?
eta: stolen shamelessly from charles johnson of green footballs.
Corner Stone
Still getting boned on FF.
Corner Stone
SORRY!
If you are the owner of this website, please contact your hosting provider: [email protected]
It is possible you have reached this page because:
Corner Stone
Looks like IT reboot still has something to say. FF now picking up BJ.
Lexiltucky
Working for me again. Good job, Alain !!
Elie
If anyone cares my IE has has shown some certificate error screens… It usually resolves after refresh, but yes, its not just Firefox
Steeplejack (tablet)
Looks like I picked a good day not to get on Firefox or the big computer.
Origuy
Alain, could you disable ora.tv? It autoplays after the page has been up for a while. Sometimes it just makes a little noise, sometimes it’s the full ad. I wouldn’t mind it except for the autoplay.
nutella
When I couldn’t access the site on Firefox earlier today, I then tried OSX Safari. It said bad certificate and recommended not going to the site so I figured it I’d better not overrride that and am just coming back to catch up now that the cert problem is fixed.
So it was not a Firefox problem, just a tougher security response from Firefox than from other browsers.
Thanks for fixing.
DanR2
@Origuy: Yes. Please!
joel hanes
Firefox on Windows 10.
Couldn’t access BJ earlier today; all good now.
Thanks to the support staff.
Ole Phat Stu
Using Firefox in Germany.
When attempting to comment, it reported certificate mismatch and so wouldn’t let me comment here.
So if this comment appears the problem is fixed.
Brett W
SSL certificate from trusted CA avoids such browser warning and it is advisable to check SSL in tool after installation process. Sometimes inaccurate installation can blow such warnings in the browsers. Self sign certificate is also one of the prominent reasons for freaky browser warnings. I had few self sign certs before, but now I’m getting my certs from https://www.cheapsslshop.com/ They offer SSL certificates at very affordable price and I’m pleased with their friendly and patience support team.
cleek
why does BJ need a secure connection anyway?