Secruity issue with downloading modules - blocked

I think so. But when I look at all the certificates, there’s nothing vassal-related by name. Is that what I’m looking for?

I’m on a Mac by the way. I’ve tried Chrome and Safari

Can you show me what you’re seeing?

I just now got it to download with Firefox (which I never use). Does that explain anything?

It makes me think Chrome has the expired certificate cached. But I would like to confirm that by seeing the certificate Chrome has. Please show me that.

sorry, but do you know where I would find that exactly?

Safari didn’t work either (same-ish message)

In your URL bar directly to the left of the URL text.

here they are from the overall module list; the specific module, and the module download (where there is not lock; and where the problem is)

You have to click again where it says “Certificate is valid” to bring up the detailed certificate information. That’s what he needs to see.

1 Like

Except that the “Certificate is valid” one won’t help—that one is fine. It’s the invalid one I need to see.

True–I’m unable to reproduce the “connection is not private” error. I can successfully download that exact module in Chrome on MacOS. Chrome build reports as:

Chrome is up to date
Version 96.0.4664.110 (Official Build) (arm64)

sorry for the duplicate, but the forum won’t let a new user post more then 3 replies.

1 Like

Thank you! That’s exactly the information I needed.

The problem is not that you have a cached version of our certificate from before Monday—you have the current one, which is good until February 2022. Instead, the problem is that the your browser is checking the expired DST Root CA X3 certificate.

That issue is discussed at some length here. There’s nothing we can do about this on our end. The solution is to make sure that your browser and OS are current.

I think the reason this is happening now instead of on 30 September when the DST Root CA X3 expired is that our old certificate, which had that root certificate as part of its signing chain, was signed in the middle of September, before the DST Root CA X3 certificate expired, so was still good for about two and a half months after that.

A little more background:

And some advice for how to update manually if you’re stuck with something that no longer receives updates:

1 Like

You are correct. I updated my OS. Which I thought was up-to-date, but wasn’t.

And now the downloads work fine, in both Chrome and Safari.

thanks for tracking that down

3 Likes

I’m having the same issue. I read the above solution and made sure my Mac & Firefox was current. When I just tried to download a For The People module I still got the same
“Did Not Connect: Potential Security Issue” warning and it will not let me override it.

Forgot to add that I also deleted all the cookies before trying.

There’s no point in deleting cookies. It’s not a cookies problem.

Which versions of MacOS and Firefox are you using?

Mac-10.15.7
Firefox-95.0.2

Your Firefox is current. Are you able to open the dialog showing the certificate when you get the error and post a screenshot of that?