
Firefox AddOn/Extension disabled due to expired Mozilla certificate (60 ESR "could not be verified" / disabled / install fails ("corrupt"))


ETA 2019-05-04 15:42: It turns out this is a known Mozilla bug, affecting most/all Firefox extensions. https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 contains their progress on working on it. It might be several hours before things are fixed up. https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047 is the Mozilla announcement channel for progress working on the issue.

Describe the Bug/Feature

Thanks very much for writing Cookie Auto Delete. It’s been a must use extension for me ever since the Firefox 57 event horizon.

This afternoon (2019-05-04 NZST), Firefox suddenly reported that it had disabled the Cookie Auto Delete extension (while I was using Firefox), because it “could not be verified for use in Firefox”. I believe at the time the browser was running I had 3.0 installed, but it now shows as having 3.0.2 installed (and disabled). My guess is possibly it tried to auto-update to 3.0.2 in the background, which failed, and then it got disabled.

I’ve subsequently tried to add Cookie AutoDelete again, which failed with the message “Download failed. Please check your connection.” This failed both via my direct Internet connection (which is otherwise working) and via a web proxy on my colo host (which is also otherwise working).

I also attempted to access the download URL directly, which gave the error report “The add-on downloaded from this site could not be installed because it appears to be corrupt.”.


Steps for anyone to reproduce the bug

It appears either (a) there’s an issue with https://addons.firefox.com/ at present, eg, leading to incomplete files, (b) the signing of the add-on (probably 3.0.2) is broken, or (c) perhaps the download mirrors are out of sync. My guess is this will affect other Firefox users attempting to upgrade/download now (but possibly not all of them).

Currently all my attempts to re-enable/re-install are failing.

Your settings

  • OS/version: macOS 10.4.4 (“Mojave”)
  • Browser/version: Firefox 60.6.1esr
  • Cookie AutoDelete version: 3.0.2 (I believe 3.0 when the problem first triggered, but 3.02 install fails, so my guess is it’s an auto-upgrade to 3.0.2 issue)



In case it helps, this is the download file that I’m getting at present; the zip file itself does not appear to be corrupt, so my guess is it’s a signing issue:

ewen@mcneill:/var/tmp$ wget 'https://addons.mozilla.org/firefox/downloads/file/1906813/cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary'
--2019-05-04 13:35:05--  https://addons.mozilla.org/firefox/downloads/file/1906813/cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
Resolving addons.mozilla.org (addons.mozilla.org)... 34.209.31.216, 34.208.191.228, 52.34.226.199, ...
Connecting to addons.mozilla.org (addons.mozilla.org)|34.209.31.216|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://addons.cdn.mozilla.net/user-media/addons/784287/cookie_autodelete-3.0.2-an+fx.xpi?filehash=sha256%3Aec1abb6ae918a1ad63d3e878cf402dc02dde1e4470b0f4b32a3de29bc8eb003a [following]
--2019-05-04 13:35:08--  https://addons.cdn.mozilla.net/user-media/addons/784287/cookie_autodelete-3.0.2-an+fx.xpi?filehash=sha256%3Aec1abb6ae918a1ad63d3e878cf402dc02dde1e4470b0f4b32a3de29bc8eb003a
Resolving addons.cdn.mozilla.net (addons.cdn.mozilla.net)... 13.35.143.59
Connecting to addons.cdn.mozilla.net (addons.cdn.mozilla.net)|13.35.143.59|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 317653 (310K) [application/x-xpinstall]
Saving to: 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary'

cookie_autodelete-3 100%[===================>] 310.21K  --.-KB/s    in 0.1s    

2019-05-04 13:35:11 (2.55 MB/s) - 'cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary' saved [317653/317653]
ewen@mcneill:/var/tmp$ md5sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary 
b96a5131579080c4e0585d33fbe4ebd8  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
ewen@mcneill:/var/tmp$ sha1sum cookie_autodelete-3.0.2-an+fx.xpi\?src\=dp-btn-primary 
f961066c7f0b9b054a853189facbbd4260ba7864  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
ewen@mcneill:/var/tmp$ unzip -t cookie_autodelete*
Archive:  cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary
    testing: LICENSE                  OK
    testing: manifest.json            OK
    testing: popup/popup.css          OK
    testing: popup/popup.html         OK
    testing: icons/icon_32.png        OK
    testing: icons/close-circle.png   OK
    testing: icons/settings.png       OK
    testing: icons/icon_yellow_48.png   OK
    testing: icons/icon_128.png       OK
    testing: icons/icon_24.png        OK
    testing: icons/icon_red_48.png    OK
    testing: icons/icon_48.png        OK
    testing: _locales/uk/messages.json   OK
    testing: _locales/zh-CN/messages.json   OK
    testing: _locales/fr/messages.json   OK
    testing: _locales/ca/messages.json   OK
    testing: _locales/pl/messages.json   OK
    testing: _locales/ko/messages.json   OK
    testing: _locales/zh-TW/messages.json   OK
    testing: _locales/nl/messages.json   OK
    testing: _locales/cs/messages.json   OK
    testing: _locales/tr/messages.json   OK
    testing: _locales/sv-SE/messages.json   OK
    testing: _locales/ro/messages.json   OK
    testing: _locales/el/messages.json   OK
    testing: _locales/de/messages.json   OK
    testing: _locales/bg/messages.json   OK
    testing: _locales/da/messages.json   OK
    testing: _locales/pt-BR/messages.json   OK
    testing: _locales/sr/messages.json   OK
    testing: _locales/pt-PT/messages.json   OK
    testing: _locales/he/messages.json   OK
    testing: _locales/it/messages.json   OK
    testing: _locales/es-ES/messages.json   OK
    testing: _locales/hu/messages.json   OK
    testing: _locales/id/messages.json   OK
    testing: _locales/no/messages.json   OK
    testing: _locales/en/messages.json   OK
    testing: _locales/ar/messages.json   OK
    testing: _locales/ja/messages.json   OK
    testing: _locales/ru/messages.json   OK
    testing: _locales/af/messages.json   OK
    testing: _locales/fi/messages.json   OK
    testing: _locales/vi/messages.json   OK
    testing: settings/settings.css    OK
    testing: settings/settings.html   OK
    testing: settings/side-menu.css   OK
    testing: bundles/common-popup-setting.bundle.js   OK
    testing: bundles/setting.bundle.js   OK
    testing: bundles/common-background-popup-setting.bundle.js   OK
    testing: bundles/background.bundle.js   OK
    testing: bundles/popup.bundle.js   OK
    testing: global_files/browserDetect.js   OK
    testing: global_files/popper.min.js   OK
    testing: global_files/bootstrap.min.js   OK
    testing: global_files/bootstrap.min.css   OK
    testing: global_files/browser-polyfill.js   OK
    testing: global_files/redux-webext.js   OK
    testing: global_files/jquery-3.2.1.slim.min.js   OK
    testing: META-INF/cose.manifest   OK
    testing: META-INF/cose.sig        OK
    testing: META-INF/manifest.mf     OK
    testing: META-INF/mozilla.sf      OK
    testing: META-INF/mozilla.rsa     OK
No errors detected in compressed data of cookie_autodelete-3.0.2-an+fx.xpi?src=dp-btn-primary.
ewen@mcneill:/var/tmp$ 

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 10

Top GitHub Comments

3 reactions
ewenmcneill commented, May 4, 2019

@laurent7465 The simple answer seems to be that Mozilla managed to let one of the important signing certificates expire (about 3.5 hours ago now), which means pretty much all Firefox addons / extensions are being reported as “unverified” / “corrupt” / etc.

The Mozilla bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

is where they’re tracking this issue, and already a bunch of Mozilla bugs have been marked as duplicates of that, so I think it affects most/all of them.

Presumably Mozilla will make a new certificate and update everything, but it might take several hours (and maybe require extension / add on creators to upload new versions). Once the new certificate is made and new signed versions are available, it should be possible to install the latest version of each extension/addon to make it work again.

Hope that helps,

Ewen

PS: See also https://github.com/mozilla/addons/issues/978 for how wide spread the issue is.
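
The cause described in the comment above can be checked directly against a downloaded .xpi. The following is an added example, not part of the original issue and not Firefox's own verification code: it reads `META-INF/mozilla.rsa`, assumed here to be a DER-encoded PKCS#7 SignedData blob, and lists the embedded certificates whose validity window excludes a chosen time. It reads dates only and verifies no signature; all function names are hypothetical.

```python
import sys, zipfile
from datetime import datetime, timezone

def tlv(buf, pos):
    """Decode one DER element header; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Return (tag, start, end) for each element inside a constructed value."""
    out = []
    while start < end:
        tag, s, e = tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def der_time(buf, elem):
    """Convert UTCTime (tag 0x17) or GeneralizedTime (0x18) to an aware datetime."""
    tag, s, e = elem
    text = buf[s:e].decode("ascii")
    if tag == 0x17:                         # two-digit year: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(buf, cert):
    """Return (notBefore, notAfter) for one Certificate element."""
    tbs = children(buf, cert[1], cert[2])[0]
    fields = children(buf, tbs[1], tbs[2])
    if fields[0][0] == 0xA0:                # skip the optional [0] version field
        fields = fields[1:]                 # now: serial, sigAlg, issuer, validity, ...
    not_before, not_after = children(buf, fields[3][1], fields[3][2])
    return der_time(buf, not_before), der_time(buf, not_after)

def signer_cert_validities(der):
    """Walk PKCS#7 ContentInfo -> SignedData -> [0] certificates."""
    _, s, e = tlv(der, 0)
    wrapper = children(der, s, e)[1]        # [0] EXPLICIT content after the OID
    signed = children(der, wrapper[1], wrapper[2])[0]
    for tag, cs, ce in children(der, signed[1], signed[2]):
        if tag == 0xA0:                     # the certificates field
            return [validity(der, c) for c in children(der, cs, ce)]
    return []

def outside_validity(xpi, when):
    """List (index, notBefore, notAfter) of embedded certs not valid at `when`."""
    with zipfile.ZipFile(xpi) as z:         # xpi: a path or a binary file object
        der = z.read("META-INF/mozilla.rsa")
    return [(i, nb, na) for i, (nb, na) in enumerate(signer_cert_validities(der))
            if not nb <= when <= na]

if __name__ == "__main__" and len(sys.argv) > 1:   # usage: python check_xpi.py addon.xpi
    for i, nb, na in outside_validity(sys.argv[1], datetime.now(timezone.utc)):
        print(f"certificate #{i} not valid now: {nb} .. {na}")
```

An empty result with the archive still rejected points away from certificate dates and toward the signature or the manifest digests, which this sketch does not examine.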

2 reactions
lrvl commented, May 4, 2019

+1 for stating this is one of the best -must use- cookies management extensions available. This expired certificate affects Firefox on all platforms (Ubuntu and Android).
