Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Firefox AddOn/Extension disabled due to expired Mozilla certificate (60 ESR "could not be verified" / disabled / install fails ("corrupt"))

See original GitHub issue

ETA 2019-05-04 15:42: It turns out this is a known Mozilla bug, affecting most/all Firefox extensions. contains their progress on working on it. It might be several hours before things are fixed up. is the Mozilla announcement channel for progress working on the issue.

Describe the Bug/Feature

Thanks very much for writing Cookie Auto Delete. It’s been a must use extension for me every since the FireFox 57 event horizon.

This afternoon (2019-05-04 NZST), Firefox suddenly reported that it had disabled the Cookie Auto Delete extension (while I was using Firefox), because it “could not be verified for use in Firefox”. I believe at the time the browser was running I had 3.0 installed, but it now shows as having 3.0.2 installed (and disabled). My guess is possibly it tried to auto-update to 3.0.2 in the background, which failed, and then it got disabled.

I’ve subsequently tried to add Cookie AutoDelete again, which failed with the message “Download failed. Please check your connection.” This failed both via my direct Internet connection (which is otherwise working) and via a web proxy on my colo host (which is also otherwise working).

I also attempted to access the download URL directly, which gave the error report “The add-on downloaded form this site could not be installed because it appears to be corrupt.”.

Screenshot in which the bug can be seen

cookie-auto-delete-unsupported cookie-auto-delete-disabled cookie-autodelete-failed cookie-auto-delete-corrupt

Steps for anyone to reproduce the bug

It appears either (a) there’s an issue with at present, eg, leading to incomplete files, (b) the signing of the add-on (probably 3.0.2) is broken, or © perhaps the download mirrors are out of sync. My guess is this will affect other Firefox users attempting to upgrade/download now (but possibly not all of them).

Currently all my attempts to re-enable/re-install are failing.

Your settings

  • OS/version: macOS 10.4.4 (“Mojave”)
  • Browser/version: Firefox 60.6.1esr
  • Cookie AutoDelete version: 3.0.2 (I believe 3.0 when the problem first triggered, but 3.02 install fails, so my guess is it’s an auto-ugprade to 3.0.2 issue)

os-version browser-version

In case it helps, this is the download file that I’m getting at present; the zip file itself does not appear to be corrupt, so my guess is it’s a signing issue:

ewen@mcneill:/var/tmp$ wget ''
--2019-05-04 13:35:05--
Resolving (,,, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: [following]
--2019-05-04 13:35:08--
Resolving (
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 317653 (310K) [application/x-xpinstall]
Saving to: 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary'

cookie_autodelete-3 100%[===================>] 310.21K  --.-KB/s    in 0.1s    

2019-05-04 13:35:11 (2.55 MB/s) - 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary' saved [317653/317653]
ewen@mcneill:/var/tmp$ md5sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary 
b96a5131579080c4e0585d33fbe4ebd8  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
ewen@mcneill:/var/tmp$ sha1sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary 
f961066c7f0b9b054a853189facbbd4260ba7864  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
ewen@mcneill:/var/tmp$ unzip -t cookie_autodelete*
Archive:  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
    testing: LICENSE                  OK
    testing: manifest.json            OK
    testing: popup/popup.css          OK
    testing: popup/popup.html         OK
    testing: icons/icon_32.png        OK
    testing: icons/close-circle.png   OK
    testing: icons/settings.png       OK
    testing: icons/icon_yellow_48.png   OK
    testing: icons/icon_128.png       OK
    testing: icons/icon_24.png        OK
    testing: icons/icon_red_48.png    OK
    testing: icons/icon_48.png        OK
    testing: _locales/uk/messages.json   OK
    testing: _locales/zh-CN/messages.json   OK
    testing: _locales/fr/messages.json   OK
    testing: _locales/ca/messages.json   OK
    testing: _locales/pl/messages.json   OK
    testing: _locales/ko/messages.json   OK
    testing: _locales/zh-TW/messages.json   OK
    testing: _locales/nl/messages.json   OK
    testing: _locales/cs/messages.json   OK
    testing: _locales/tr/messages.json   OK
    testing: _locales/sv-SE/messages.json   OK
    testing: _locales/ro/messages.json   OK
    testing: _locales/el/messages.json   OK
    testing: _locales/de/messages.json   OK
    testing: _locales/bg/messages.json   OK
    testing: _locales/da/messages.json   OK
    testing: _locales/pt-BR/messages.json   OK
    testing: _locales/sr/messages.json   OK
    testing: _locales/pt-PT/messages.json   OK
    testing: _locales/he/messages.json   OK
    testing: _locales/it/messages.json   OK
    testing: _locales/es-ES/messages.json   OK
    testing: _locales/hu/messages.json   OK
    testing: _locales/id/messages.json   OK
    testing: _locales/no/messages.json   OK
    testing: _locales/en/messages.json   OK
    testing: _locales/ar/messages.json   OK
    testing: _locales/ja/messages.json   OK
    testing: _locales/ru/messages.json   OK
    testing: _locales/af/messages.json   OK
    testing: _locales/fi/messages.json   OK
    testing: _locales/vi/messages.json   OK
    testing: settings/settings.css    OK
    testing: settings/settings.html   OK
    testing: settings/side-menu.css   OK
    testing: bundles/common-popup-setting.bundle.js   OK
    testing: bundles/setting.bundle.js   OK
    testing: bundles/common-background-popup-setting.bundle.js   OK
    testing: bundles/background.bundle.js   OK
    testing: bundles/popup.bundle.js   OK
    testing: global_files/browserDetect.js   OK
    testing: global_files/popper.min.js   OK
    testing: global_files/bootstrap.min.js   OK
    testing: global_files/bootstrap.min.css   OK
    testing: global_files/browser-polyfill.js   OK
    testing: global_files/redux-webext.js   OK
    testing: global_files/jquery-3.2.1.slim.min.js   OK
    testing: META-INF/cose.manifest   OK
    testing: META-INF/cose.sig        OK
    testing: META-INF/     OK
    testing: META-INF/mozilla.sf      OK
    testing: META-INF/mozilla.rsa     OK
No errors detected in compressed data of cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:10

github_iconTop GitHub Comments

ewenmcneillcommented, May 4, 2019

@laurent7465 The simple answer seems to be that Mozilla managed to let one of the important signing certificates expire (about 3.5 hours ago now), which means pretty much all Firefox addons / extensions are being reported as “unverified” / “corrupt” / etc.

The Mozilla bug:

is where they’re tracking this issue, and already a bunch of Mozilla bugs have been marked as duplicates of that, so I think it affects most/all of them.

Presumably Mozilla will make a new certificate and update everything, but it might take several hours (and maybe require extension / add on creators to upload new versions). Once the new certificate is made and new signed versions are available, it should be possible to install the latest version of each extension/addon to make it work again.

Hope that helps,


PS: See also for how wide spread the issue is.

lrvlcommented, May 4, 2019

+1 for stating this is one of the best -must use- cookies management extensions available. This expired certificate effects Firefox on all platforms ( Ubuntu and Android ).

Read more comments on GitHub >

github_iconTop Results From Across the Web

Add-ons disabled or failing to install in Firefox - The Mozilla Blog
If you are running Firefox versions 57 – 60: Install this extension to resolve the expired security certificate issue and re-enable ...
Read more >
Firefox Addons Being Disabled Due to an Expired Certificate
It turns out that this is being caused by an expired intermediary certificate used to sign Mozilla addons.
Read more >
All of my add-ons got disabled and they are all listed ... - Reddit
857 votes, 1.1K comments. All the add-ons just became legacy extensions as they "could not be verified for use in Firefox and has...
Read more >
Your Firefox extensions are all disabled? That's a bug! - gHacks
Related issues have been reported: some users cannot install extensions from Mozilla's official Add-ons repository. Users get "Download failed.
Read more >
How can I disable signature checking for Firefox add-ons?
It is only possible to disable addons verification in Nightly and Developer channel. In other words it is not possible in Beta versions...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found