XPost: alt.comp.software.firefox

I'm trying to reach www.mbard.org Burn Day Status in Firefox, yes I know
its not burn season yet but I'm getting prepared for the inevitable fires.

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives me
a security error when I try to reach it.�

Can anybody give me directions on fixing this?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/14/2024 12:03 PM, david wrote:

I'm trying to reach www.mbard.org Burn Day Status in Firefox, yes I know
its not burn season yet but I'm getting prepared for the inevitable fires.

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives me
a security error when I try to reach it.�

Can anybody give me directions on fixing this?

Windows 7
SeaMonkey 2.53.19

I get "The document contains no data."

If you are looking for "Agricultural & Prescribed Burning", try <https://ww2.arb.ca.gov/our-work/programs/agricultural-prescribed-burning>.


--
David E. Ross
<http://www.rossde.com>

Trump said that, if he loses the 2024 election for
President, it will be the fault of the Jews who voted
for Harris. I am scared that Trump is inciting a pogrom.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

david wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives me
a security error when I try to reach it.

Same here, problem is their end ...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

VanguardLH wrote:

I tested the site at ssllabs.com. Nothing major showed up, except the
site failed "DNS CAA".

Did you notice near the bottom SSLlabs says

"HTTP Requests
1 https://ssl.arb.ca.gov/ (Request failed)"

Similar if you use network tab of devtools, after it handshakes, it
says the actual result is 0 bytes (firefox times-out).

Somebody needs to kick the server, maybe the ssl.arb.ca.gov is "just" a front-end wrapping SSL around a non-SSL internal server, and the
internal server is the one that's dead?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

david <this@is.invalid> wrote:

I'm trying to reach www.mbard.org Burn Day Status in Firefox, yes I know
its not burn season yet but I'm getting prepared for the inevitable fires.

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives me
a security error when I try to reach it.�

Can anybody give me directions on fixing this?

When I try to reach the 2nd URL, Firefox warns the connection is not
secure. I click on the "Not Secure" button at the left of the address
bar to look at details which says the site's certificate "doesw not
supply ownership information", and "Verified by: Not specified", so the
CA (Certificate Authority) is not specified in their cert. I even tried
just the home page at arb.ca.gov (since adding "ssl" as a subhost name
seems odd), but got the same error.

I tested the site at ssllabs.com. Nothing major showed up, except the
site failed "DNS CAA".

https://blog.qualys.com/product-tech/2017/03/13/caa-mandated-by-cabrowser-forum

When I test mozilla.org and google.com at ssllabs, DNS CAA is good. Yet xfinity.com for my ISP has ssllabs report "DNS CAA = no". Firefox
doesn't like the site cert at arb.ca.gov. I tried your long URL in
Edge-C, and it got a similar error.

You said you were /trying/ to reach www.mbard.org which implies some
problem there (trying implies failure), but then you say a different
domain has connect problems. You didn't mention how you navigated from
the 1st to the 2nd. Only after wandering about the mbard.org web site
did I notice the "Burn Day Status" link which points to the arg.ca.gov
site.

I can connect to the 1st site okay. Firefox doesn't like the cert for
the 2nd. You'll have to wait until they fix their cert, or you report
the issue, and wait until they fix their cert.

Instead of using the hyperlink at the mbard.org site, I did a search on "california burn day status", and found:

https://burnpermit.fire.ca.gov/current-burn-status

I thought to find out if there are burn permits in your area that you
called your local fire department as they should know about those
permits.

Instead of starting at arb.ca.gov, I just went to ca.gov to search on
"burn permits", and got:

https://www.ca.gov/search/?q=burn+permits

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Andy Burns <usenet@andyburns.uk> wrote:

VanguardLH wrote:

I tested the site at ssllabs.com. Nothing major showed up, except the
site failed "DNS CAA".

Did you notice near the bottom SSLlabs says

"HTTP Requests
1 https://ssl.arb.ca.gov/ (Request failed)"

Similar if you use network tab of devtools, after it handshakes, it
says the actual result is 0 bytes (firefox times-out).

Somebody needs to kick the server, maybe the ssl.arb.ca.gov is "just" a front-end wrapping SSL around a non-SSL internal server, and the
internal server is the one that's dead?

Yeah, I saw the HTTP failure, but there are sites that do not accept
HTTP connects, and require only HTTPS connects. They don't even
redirect on an HTTP request to an HTTPS page. It's HTTPS, or nothing at
their site. But an internal server not responding could be the cause,
too.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Andy Burns wrote:

david wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it
gives me
a security error when I try to reach it.

Same here, problem is their end ...

Won't talk to you, won't talk to me, or SSLlabs

<https://www.ssllabs.com/ssltest/analyze.html?d=ssl.arb.ca.gov>

the ARB server seems to go through SSL
negotiation just fine, but then not return any actual result.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/14/2024 3:03 PM, david wrote:

I'm trying to reach www.mbard.org Burn Day Status in Firefox, yes I know
its not burn season yet but I'm getting prepared for the inevitable fires.

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives me
a security error when I try to reach it.�

Can anybody give me directions on fixing this?

Might be their error. Might be a rude way of saying, "Go away.
We're not open for business yet." But you could also check here:

https://support.mozilla.org/en-US/questions/1444114

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Mon, 14 Oct 2024 13:03:22 -0600, david wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives
me a security error when I try to reach it.

Works for me currently (not Windows, of course). The security info says “Verified by: DigiCert Inc”.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:

david wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives
me a security error when I try to reach it.

Works for me currently (not Windows, of course). The security info says �Verified by: DigiCert Inc�.

Yep, I retested. Wasn't working before (got the security error), but
works now. Guess they fixed their cert. When it wasn't working, I
didn't record who was the CA, or other details of their old cert.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Using <news:b99f4hlmvf4n$.dlg@v.nguard.lh>, VanguardLH wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives
me a security error when I try to reach it.

Works for me currently (not Windows, of course). The security info says
�Verified by: DigiCert Inc�.

Yep, I retested. Wasn't working before (got the security error), but
works now. Guess they fixed their cert. When it wasn't working, I
didn't record who was the CA, or other details of their old cert.

Thanks. It works now. Wonderful your help for this problem.
They must have finally figured out nobody was visiting their pages and
fixed the certificate.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence D'Oliveiro wrote:

david wrote:

The URL is "https://ssl.arb.ca.gov/pfirs/cb3/cb3.php?id=9" but it gives
me a security error when I try to reach it.

Works for me currently

Certificate hasn't been changed, someone found the correct place to
thump the server.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Mon, 14 Oct 2024 21:18:36 +0100, Andy Burns wrote:

Won't talk to you, won't talk to me, or SSLlabs

<https://www.ssllabs.com/ssltest/analyze.html?d=ssl.arb.ca.gov>

Just tried it, worked for me. Did a whole bunch of tests over several
minutes, then showed a big “A” grade at the top with four nice green bars to the right, and a bunch more details about certs, TLS versions and
cipher suites below.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:

Andy Burns wrote:

Won't talk to you, won't talk to me, or SSLlabs

<https://www.ssllabs.com/ssltest/analyze.html?d=ssl.arb.ca.gov>

Just tried it, worked for me. Did a whole bunch of tests over several minutes, then showed a big �A� grade at the top with four nice green bars
to the right, and a bunch more details about certs, TLS versions and
cipher suites below.

As Andy pointed out, probably not a problem with the site cert at the
front end server, but with the back end server that actually handles the
load.

A tracert on the arb.ca.gov site dies at 4.1.61.34 (Level 3). A site
owner can contract someone else to host a web site. The site owner
might expect the web hoster to manage the web site, but often the site
owner has to monitor their site, and report to the web hoster a problem. Waiting for the web hoster to fix the server without prodding them often
fails. They sell services, not manpower.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)