Thread: Add-ons not working due to certificate expiration

remain calm, o disenfranchised populace !

normal services shall be resumed shortly

really, it’s educational to see the traumatic responses of the e-generation when subjected to a brief outage, as if the world has been destroyed

it’s a browser, people… a usually great and reliable browser, but currently it’s having a hiccup

your lives will not be permanantly ruined… don’t go hyperventilating and gestating ptsd on the back of a transient outage

breathe in, breathe out; it will be better soon

4 Likes

For Android users:
According to the github bug report (#19):


the problem can be bypassed by setting
xpinstall.signatures.required
to “false”.
I’ve tried it and it works for me.

In the absence of any workaround for android users:
Why is this not proposed as a (temporary) workaround by mozilla?
As long as auto updates for addons is deactivated and no new addons installed, this should not pose any risks for users, correct?

Update to my above post:
this workaround does no longer work.

No they still show the same error message

stop bullshitting us, ty :wink:
EDIT:
this was @g00gleconsumer

by us I meant the forum, I’m not a dev
(just for clarification)

How much longer? This is nuts.
Nothing is working now. No add-ons , and even my subscriptions for Premium station, HBO, Starz.
I hv had to move on to another browser to watch my shows and use addOns. The real bummer is that I hv most of my Bookmarks on FireFox. However I can transfer.

I enabled ‘Studies’ and then Add Ons and Themes returned within minutes…Thank goodness !
Even at the best of times though, Firefox tends to be a ‘Net Nanny’ and can stop you using Add Ons that are not signed etc, even though you have been using them happily for 10 years or more …Should just let the user decide !

Mozilla…what happened to you? You were cool once!
Why do you keep f-ing up all the time!?

The desaster with your forced pocket-installations. Integrating Cliqz. Coercing people into creating Firefox accounts to sync settings and bookmarks, by telling them their profiles won’t work AFTER an update.
Now you ship my DNS-Requests to Cloudflare, because you need to participate in this hipster-crap, that calls DNS via JSON and … forgot … that certificates need to be renewed once in a while. Did you switch to LetsEncrypt or something?

Now here’s my real problem: I can’t activate studies. The checkbox won’t stay checked. So how long will it take for me to receive your “hotfix”?

P.S. When you activate link-tracking with ping by default, will you AT LEAST give us an option to turn it off?

dunno about ping, but it doesn’t matter
you can do workarounds (even without js, see Google search currently)

DoH is not hipster, it’s useful for several reasons, json was just chosen, because it was convenient.
I bet people would’ve flamed more if it was xml haha

About studies: maybe contact Firefox support or open a ticket on bugzilla (sounds like a bug).
maybe refreshing Firefox by resetting your settings would fix it, but it would also reset all settings (so not a good solution)

or just wait for the permanent fix, if you’re lazy

what happened to Mozilla? it grew up. (feature-wise. which means it’s larger which means it’s more complex)
but it has trouble keeping up with Google, since Google is the larger company

1 Like

blame malicious software that is able to manipulate add-ons that are fine but uncertified.
even if you installed it yourself, software can infect you with Keyloggers when Firefox doesn’t verify them on every startup.
this is in the interest of all addon developers.

And the addon devs even have the advantage that they are able to offer add-ons on their own website for download now and not just on AMO

I always used mozilla for years, but making sure all of the privacy “auto-updates” and “send data” options were turned off, even in that obscure “about:config” options page.

Now suddenly all of my addons stopped working. Why of all things? I thought I was all the options made me isolated from mozilla.

I’ll answer myself, firefox is another piece of garbage that lures you in a false sense of security about your privacy, but it’s still sending data about your browser without any consent. It’s just another hypocrital corporation added to the list.

NOBODY should use it any more, period. Mostly when there are dozens of alternatives.

UPDATED:
Android FIX.
Disable Automatic date and time. Change Android system time to 29 April 2019. Enable your addons in the addons menu. All working fine now. You can install addons as well from the store.

my assumption:
because people tend to forgot to disable workarounds: far worse and causes more issues which then Firefox Support has to solve through probing the users, when they start experiencing other issues

I don’t see why the installation of add-ons should be risky. uninstall action on the other hand obviously leads to data loss, since you delete the add-on’s data with it.

Please always remember: “don’t bite the hand that feeds you”!

it doesn’t send data, it received data that one certificate from Mozilla was invalid (it expired on Fr/Sa), maybe that check was even completely offline

that’s all

there was no commando that ordered your installation to disable all addons
the reaction was indirect and very much unintentional

I’m not sure whether the process for expiring certificates and rejected certificates is the same, but there is this setting:

I strongly advise to keep the setting checked though.
You would want the certificate system to work correctly and therefore you need to allow automatic rejection (often that is issued by the companies to which the certificate belongs, for example when the key needed to generate the certificate was leaked aka the certificate was compromised)

@Djfe, you can’t say that, Felix. Data are collected and analyzed but in a anonymized fashion in order to help Mozilla, the wonderful team behind the wonderful piece of software Firefox, to help improve their browser and make web browsing safer and more secure. You agree?

I was talking about the studies only.
The DoH study didn’t do DoH dns requests for urls that the user requested, did it?

apart from the common anonymization: was there even data that can be considered private that was/is delivered to Mozilla?
(I don’t think so, but pls correct me if I’m wrong)

Reposting in cased this helps others, it worked for me and seems like the best way.

Samuel Vuorela wrote on May 4, 2019 at 9:20 am:

Why not just post a link to the fix that can be installed WITHOUT enabling Studies? This sounds like a clever plan to get more people to share their data via Studies…

The fix in question can be installed by clicking this link [1]. It’s signed by Mozilla.

Thanks to user gpm at Hacker News, who posted this tip [2].

[1] https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

[2] https://news.ycombinator.com/item?id=19826903

1 Like

I reinstalled Firefox and sadly I lost all my add-ons and data… now i can’t download them again… “Failed download - check your connection” it’s message to me… “studies” activated of course…

1 Like

I have done all the processes to turn the studies on, etc. Having removed NoScript (thinking it was the problem) I now find I can’t add it back. The direct download says it’s unsigned, and clicking the link through the add-ons page says it can’t be downloaded. What do I do now? The internet is virtually unuseable without ad blocking. Don’t you people have a rollback process in case stuff like this happens? Or do you run things the Microsoft way - release untested and bugged updates,a nd rely on the users to report issues, no matter how bad it affects them? This is really getting to be an issue since you went over to Quantum, and is almost enough to make me go to Chrome, or - heaven forbid - Edge. You used to be the best and leading browser, and now… just a joke.