The problem is likely that FR’s using a compromised security certificate. A lot of sites got hit by this problem.
Additional details of the problem:
“secure.freerepublic.com uses an invalid security certificate. The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure. Error code: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED”
“https://secure.freerepublic.com/donate/
The certificate was signed using a signature algorithm that is disabled because it is not secure.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false”
I deleted the certificate chain as it wasn’t needed.
This is related to the SHA-1 vulnerability; several years ago, the phaseout of that algorithm began, but it was only recently that it began being enforced by browsers like Chrome, Firefox, etc.
More info here: https://www.godaddy.com/garage/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/
Modern browsers like Chrome (since 2015) and now Firefox and others will by default now block (not just warn!) any SSL/security certificate that meets the following criteria:
1. The cert uses the SHA1 hashing algorithm
2. The cert expires on or after 2017-01-01
If both these are met, the site is blocked by default.
Need to go back to the authority issuing the certificate and get them to issue a new one.
So even if I tried to donate, Firefox would black it anyway ?
Follow-up with more information - yes, SHA1 *has* been broken.
http://www.theverge.com/2017/2/23/14712118/google-sha1-collision-broken-web-encryption-shattered
“As a result, most sites have already dropped SHA-1. As recently as 2014 it was being used for as much as 90 percent of the encryption on the web, but its been mostly abandoned in the years since. As of January 1st, every major browser will show you a big red warning when you visit a site secured by SHA-1. Its hard to say how many of those sites are left, but anyone with a halfway decent certificate provider is already safe.”
As soon as I read the post immediately SHA-1 came to mind.