Firefox AddOn/Extension disabled due to expired Mozilla certificate (60 ESR "could not be verified" / disabled / install fails ("corrupt"))See original GitHub issue
ETA 2019-05-04 15:42: It turns out this is a known Mozilla bug, affecting most/all Firefox extensions. https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 contains their progress on working on it. It might be several hours before things are fixed up. https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047 is the Mozilla announcement channel for progress working on the issue.
Describe the Bug/Feature
Thanks very much for writing Cookie Auto Delete. It’s been a must use extension for me every since the FireFox 57 event horizon.
This afternoon (2019-05-04 NZST), Firefox suddenly reported that it had disabled the Cookie Auto Delete extension (while I was using Firefox), because it “could not be verified for use in Firefox”. I believe at the time the browser was running I had 3.0 installed, but it now shows as having 3.0.2 installed (and disabled). My guess is possibly it tried to auto-update to 3.0.2 in the background, which failed, and then it got disabled.
I’ve subsequently tried to add Cookie AutoDelete again, which failed with the message “Download failed. Please check your connection.” This failed both via my direct Internet connection (which is otherwise working) and via a web proxy on my colo host (which is also otherwise working).
I also attempted to access the download URL directly, which gave the error report “The add-on downloaded form this site could not be installed because it appears to be corrupt.”.
Screenshot in which the bug can be seen
Steps for anyone to reproduce the bug
It appears either (a) there’s an issue with
https://addons.firefox.com/ at present, eg, leading to incomplete files, (b) the signing of the add-on (probably 3.0.2) is broken, or © perhaps the download mirrors are out of sync. My guess is this will affect other Firefox users attempting to upgrade/download now (but possibly not all of them).
Currently all my attempts to re-enable/re-install are failing.
- OS/version: macOS 10.4.4 (“Mojave”)
- Browser/version: Firefox 60.6.1esr
- Cookie AutoDelete version: 3.0.2 (I believe 3.0 when the problem first triggered, but 3.02 install fails, so my guess is it’s an auto-ugprade to 3.0.2 issue)
In case it helps, this is the download file that I’m getting at present; the zip file itself does not appear to be corrupt, so my guess is it’s a signing issue:
ewen@mcneill:/var/tmp$ wget 'https://addons.mozilla.org/firefox/downloads/file/1906813/cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary' --2019-05-04 13:35:05-- https://addons.mozilla.org/firefox/downloads/file/1906813/cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary Resolving addons.mozilla.org (addons.mozilla.org)... 22.214.171.124, 126.96.36.199, 188.8.131.52, ... Connecting to addons.mozilla.org (addons.mozilla.org)|184.108.40.206|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://addons.cdn.mozilla.net/user-media/addons/784287/cookie_autodelete-3.0.2-an+fx.xpi?filehash=sha256%3Aec1abb6ae918a1ad63d3e878cf402dc02dde1e4470b0f4b32a3de29bc8eb003a [following] --2019-05-04 13:35:08-- https://addons.cdn.mozilla.net/user-media/addons/784287/cookie_autodelete-3.0.2-an+fx.xpi?filehash=sha256%3Aec1abb6ae918a1ad63d3e878cf402dc02dde1e4470b0f4b32a3de29bc8eb003a Resolving addons.cdn.mozilla.net (addons.cdn.mozilla.net)... 220.127.116.11 Connecting to addons.cdn.mozilla.net (addons.cdn.mozilla.net)|18.104.22.168|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 317653 (310K) [application/x-xpinstall] Saving to: 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary' cookie_autodelete-3 100%[===================>] 310.21K --.-KB/s in 0.1s 2019-05-04 13:35:11 (2.55 MB/s) - 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary' saved [317653/317653] ewen@mcneill:/var/tmp$ md5sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary b96a5131579080c4e0585d33fbe4ebd8 cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary ewen@mcneill:/var/tmp$ sha1sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary f961066c7f0b9b054a853189facbbd4260ba7864 cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary ewen@mcneill:/var/tmp$ unzip -t cookie_autodelete* Archive: cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary testing: LICENSE OK testing: manifest.json OK testing: popup/popup.css OK testing: popup/popup.html OK testing: icons/icon_32.png OK testing: icons/close-circle.png OK testing: icons/settings.png OK testing: icons/icon_yellow_48.png OK testing: icons/icon_128.png OK testing: icons/icon_24.png OK testing: icons/icon_red_48.png OK testing: icons/icon_48.png OK testing: _locales/uk/messages.json OK testing: _locales/zh-CN/messages.json OK testing: _locales/fr/messages.json OK testing: _locales/ca/messages.json OK testing: _locales/pl/messages.json OK testing: _locales/ko/messages.json OK testing: _locales/zh-TW/messages.json OK testing: _locales/nl/messages.json OK testing: _locales/cs/messages.json OK testing: _locales/tr/messages.json OK testing: _locales/sv-SE/messages.json OK testing: _locales/ro/messages.json OK testing: _locales/el/messages.json OK testing: _locales/de/messages.json OK testing: _locales/bg/messages.json OK testing: _locales/da/messages.json OK testing: _locales/pt-BR/messages.json OK testing: _locales/sr/messages.json OK testing: _locales/pt-PT/messages.json OK testing: _locales/he/messages.json OK testing: _locales/it/messages.json OK testing: _locales/es-ES/messages.json OK testing: _locales/hu/messages.json OK testing: _locales/id/messages.json OK testing: _locales/no/messages.json OK testing: _locales/en/messages.json OK testing: _locales/ar/messages.json OK testing: _locales/ja/messages.json OK testing: _locales/ru/messages.json OK testing: _locales/af/messages.json OK testing: _locales/fi/messages.json OK testing: _locales/vi/messages.json OK testing: settings/settings.css OK testing: settings/settings.html OK testing: settings/side-menu.css OK testing: bundles/common-popup-setting.bundle.js OK testing: bundles/setting.bundle.js OK testing: bundles/common-background-popup-setting.bundle.js OK testing: bundles/background.bundle.js OK testing: bundles/popup.bundle.js OK testing: global_files/browserDetect.js OK testing: global_files/popper.min.js OK testing: global_files/bootstrap.min.js OK testing: global_files/bootstrap.min.css OK testing: global_files/browser-polyfill.js OK testing: global_files/redux-webext.js OK testing: global_files/jquery-3.2.1.slim.min.js OK testing: META-INF/cose.manifest OK testing: META-INF/cose.sig OK testing: META-INF/manifest.mf OK testing: META-INF/mozilla.sf OK testing: META-INF/mozilla.rsa OK No errors detected in compressed data of cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary. ewen@mcneill:/var/tmp$
- Created 4 years ago
Top GitHub Comments
@laurent7465 The simple answer seems to be that Mozilla managed to let one of the important signing certificates expire (about 3.5 hours ago now), which means pretty much all Firefox addons / extensions are being reported as “unverified” / “corrupt” / etc.
The Mozilla bug:
is where they’re tracking this issue, and already a bunch of Mozilla bugs have been marked as duplicates of that, so I think it affects most/all of them.
Presumably Mozilla will make a new certificate and update everything, but it might take several hours (and maybe require extension / add on creators to upload new versions). Once the new certificate is made and new signed versions are available, it should be possible to install the latest version of each extension/addon to make it work again.
Hope that helps,
PS: See also https://github.com/mozilla/addons/issues/978 for how wide spread the issue is.
+1 for stating this is one of the best -must use- cookies management extensions available. This expired certificate effects Firefox on all platforms ( Ubuntu and Android ).