Firefox detected a potential security threat and did not continue to because this web site requires a secure connection.

Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for The certificate is only valid for the following names:,

This looks like you made an error in entering your IPFire name into your browser.

Did you use http instead of https?

Did you add the :444 port name at the end of the name? I believe without that it will go to the internet to search for that host/domain name.

You have also used a publicly resolvable domain name for your system, which belongs to IPFire so if your system ends up going to the internet to search for this domain it will find their certificates which will not be valid for your IPFIre system.

You should only use a publicly resolvable domain name for IPFire if you own the domain name or if you are using a DDNS supplied Dynamic domain name in which case the domain name will resolve to your IPFire’s IP address.

What are you looking for?

Just out of curiosity, as I’ve been working with IPFire for some time but never stumbled upon, how did you end up there?

As for @bonnietwin; @stinga is not connecting to an IPFire instance, but to a public service on the domain.

To prove the cert error I performed an nmap to retrieve the cert info (as it’s not a page I can visit with the browser).

$ nmap -p 443 --script ssl-cert
Warning: Nmap may not work correctly on Windows Subsystem for Linux.
For best performance and accuracy, use the native Windows build from
Starting Nmap 7.80 ( ) at 2021-08-09 10:16 CEST
Nmap scan report for (
Host is up (0.018s latency).
Other addresses for (not scanned): 2001:678:b28::
rDNS record for

443/tcp open  https
| ssl-cert: Subject:
| Subject Alternative Name:,
| Issuer: commonName=R3/organizationName=Let's Encrypt/countryName=US
| Public Key type: ec
| Public Key bits: 384
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2021-06-30T22:26:54
| Not valid after:  2021-09-28T22:26:53
| MD5:   c0b5 34bc 50ec a952 1527 4243 9efd 6b50
|_SHA-1: fbb3 fb3d 6a5a fe0b 4cc7 6cd6 36c5 dbf7 afd6 f7fe

Nmap done: 1 IP address (1 host up) scanned in 5.98 seconds

So the CN points to and reverse lookup translates to; the names don’t add up.

I still wonder:

  1. What does do? Just a ping-back to check internet connectivity from within the system?
  2. Maybe the team can update the cert to include the ping sub-domain (or use a wildcard if it’s used for several services, this will impact SNI checks though).
1 Like

OK, then I have misunderstood the reason for the post. More explanation needs to be given then as to what was trying to be done.

Agreed :wink: I’m not sure what this endpoint is supposed to do in the IPFire ecosystem

It’s used by IPFire for pinging as fallback if the gateway not respond to ping.

There is no webserver for ‘’ but our load balancer will send a fail page with its on cert which not match. (We don’t get a wildcard cert for

1 Like

Does not look good for a security product! :slight_smile:

I again have no idea where this post is going to lead, so I am closing it to save everybody some time. is a ping target which is being used if the ISP gateway does not respond. It is nothing more, nothing less. It responds to ICMP echo request and it currently our main firewall in our main data center in Hanover, Germany. This firewall is also acting as our load-balancer for our website, downloads, this forum and many more things. There is no website on “” and it does not need to be.

I do not see how you are connecting this to a security problem.