Start9 HTTPS does not work with Librewolf and LinuxMint OS

Greetings, I am running the newest version of LinuxMint OS and the latest 118 version of the LibreWolf browser which is a privacy oriented fork of the FireFox browser. I followed to the steps in the link below to the letter:

Therefore, I was disappointed to find out at the end of configuring my Librewolf browser my Start9 HTTPS connection does not work. I get the error shown below:

Hmm. We’re having trouble finding that site.
We can’t connect to the server at xxxxx-xxxxxx.local.
If you entered the right address, you can:
    Try again later
    Check your network connection
    Check that LibreWolf has permission to access the web (you might be connected but behind a firewall)
Try Again

The only way I am able to connect to my Start9 RasPi Server is by typing in the its IP address in my LibreWolf browser URL field. This invokes the Start9 login screen where I enter my password and enter the Start9 home page in a HTTP not HTTPS window.

In an effort to make my Start9 HTTPS to work I performed the following two steps which are not part of the steps included in the link above.

First, I removed the checkmark from the “Query OCSP responder…” parameter (see screenshot below). This did not fix my Start9 HTTPS connection problem.

Second, I clicked in the “View Certificates” button (see screenshot below) which invokes the Certificate Manager window. Inside this window I selected the “Authorities” tab and then Imported the Start9 ROOT CA certificate file I downloaded. I thought this would fix my Start9 HTTPS problem because I saw the Start9 ROOT CA listed inside the Authorities table but much to my disappointment I still cannot get a Start9 HTTPS connection to my Start9 Raspi server working as it suppose to. Only the insecure HTTP connection works by manually typing in my RasPi Server IP.

I am new to Start9 and I left Umbrel due to a variety of reasons one of them the lack of HTTPS in Umbrel. In short, I need advice aimed at getting my Start9 HTTPS connection to work in my LibreWolf browser. Below are some of my questions:

  • Is there any need to make any changes to my LinuxMint Firewall? I have not touched it and I would like to know if I should tweak it for the purpose of making my Start9 HTTPS work?

  • What LinuxMint browser should I tryout as an alternative to Librewolf that has been proven by Start9 to work with their ROOT CA certificate that results in a functional HTTPS connection?

Any advice welcome. Thank you for your time.

While not a complete answer, something doesn’t add up…

If the issue was with the CA configuration, you’d get an error related to the certificate. In LibreWolf you’d then be able to add an exception (i.e. not fix the problem) and continue on your way using https to access your unique adjective-noun.local link without a problem.

You might instead want to see if something on your machine or network is blocking traffic over port 443 in some way.

StuPleb, thank you for your post. I hope you or somebody in this forum can clarify the following. From the basic knowledge I have Port 443 is the common port for https connections. In short, my LibreWolf browser uses port 443 to successfully connect to outside https websites such as the example one shown below:

So here is my question, if my LibreWolf browser successfully connects to the example https website shown above, doesn’t that mean we can rule out my port 443 having blocked traffic problems? In other words, if I am unable to connect to my Start9 https-adjective-noun.local link shouldn’t I also not be able to connect to the link shown above?

Can anybody please answer my questions below:

  • Is anybody in this forum using LibreWolf to successfully connect to a Start9 https-adjective-noun.local link?
  • Can somebody recommend a browser that has been proven to be compatible with Start9? I ask because I’m thinking maybe my LibreWolf browser is the problem.
  • Can somebody be so kind to suggest additional troubleshooting ideas I can perform to figure out why my LibreWolf browser fails to connect to my Start9 https-adjective-noun.local link but does successfully http connect if I manually type in my Raspberry Pi IP number into the URL field of my LibreWolf browser?

Thank you for your time.

Hi, have you finished guide " Trusting Your Start9 CA on Linux" system-wide?

This is why my answer was not “complete”.

I’m assuming you’ve gone through the Trusting the CA guide posted above. I know you mentioned you completed the browser steps to the letter, but maybe you did miss the starting point? I do doubt it though, because the error is related to networking and not to the certificate.

I didn’t mean to complicate things with mentioning the port, that’s just my first guess of something you should look into… that for some reason your networking setup is preventing you from using https over the local network. Whether this is a router or client-side VPN or firewall, I can’t guess further.

Let’s maybe take a step back and deal with this via your block of questions in bullets.

  1. Temporarily install vanilla Firefox
  2. Complete the same Trust CA guide
  3. Complete the same browser configuration

If it works, your issue lays with something to do with LibreWolf.
If it doesn’t work, your issue lies with your network configuration.

That at least gives you a starting point.

Let’s take a step back here. Your problem is almost certainly nothing to do with the Root CA, or Librewolf. I use Librewolf every day with StartOS. Your PC is completely unable to reach the site via .local. This means that most likely either:

  1. your machine is not on the same network, or
  2. something is preventing it from accessing mDNS (.local) addresses

Please ensure you are on the same network as the server, ideally using ethernet for both into the router directly, even if just to test. Sometimes wireless networks are not on the same network as the rest of the LAN. Then ensure that no VPN or custom firewall is blocking .local access. One other thing worth asking - are you using Librewolf via a snap, flatpak, etc? These jailed installs can sometimes block local connections. If all this fails, then it’s possible that your router is blocking mDNS requests.

Start9dave, thank you for your post. I made some progress thanks to your advice relating to connecting it directly to my router. Originally, my Start9 RasPi pc was connected to an 8 port Netgear switch, and this Netgear switch was connected to a 16 port HP switch which in turn was connected directly to my Netgear router. So by connecting my Start9 RasPi directly to the router I bypassed to separate switches.

So now I see a login Start9 window where I need to enter a password. However, I hope you or somebody in this forum can clarify the following. My LibreWolf https connection now only works if I type into the LibreWolf URL field the https address as shown below.

Which is the IP for my Start9 RasPi pc. But if I attempt to use my https://adjective-noun.local address LibreWolf prompts the error message that begins as shown below:

Hmm. We’re having trouble finding that site.

In short, does it matter if my adjective-noun.local address does not give me HTTPS access but my RasPi Https://IP address does? Does this in any way compromise my Start9 RasPi HTTPS connection or security?

The way I see it is I finally got my LibreWolf to HTTPS connect to my Start9 RasPi which was not the case before. So I am happy I have gotten this far, but wondering if using my https:// adjective-noun.local address is 100% necessary.

Any advice welcome.

Using the IP address doesn’t compromise security or functional access to your StartOS UI.

But… being able to access it from the IP address but not your adjective-noun.local is probably going to cause you issues with opening the UI to services.

Can you open a Service UI over its .local with https:// ?

There are likely two points to investigate:

  • your client (something misconfiguration locally to the client, in the OS or with something intercepting network functions)

  • your network (are those perhaps managed switches with interfaces that allow you to configure things?)

To clarify a bit on Stu’s points, your issue is to do with mDNS resolution, and this could be on the client, or the router. Let us know what you find out

I am back to post the solution to the problems I encountered so it can help others in the future avoid the brick wall I crashed into. My mistake was due to being a Linux Mint OS newbie. I installed LibreWolf using the Linux Mint Software Center which only offers it as Flatpak package install. After I installed LibreWolf flatpak, I uninstalled the regular default FireFox browser which was not too smart. In short, I did not know this but the Flatpak package install of LibreWolf is designed to keep this browser inside a sandbox. This was the cause to all of my HTTPS certificate headaches.

I still use my LibreWolf Flatpak as my daily driver browser. However, I also installed the AppImage package for LibreWolf and use it for only Start9 access. In short, the LibreWolf AppImage package works perfectly with Start9. And an added bonus to the LibreWolf AppImage install is how it is compatible with my Yubikey which the Flatpak install is not.

Thank you to everybody who posted in this thread. I feel I should apologize for making such a stupid mistake.

1 Like

Thanks for reporting back. There are several new “jailed” package types, such as snaps, flatpaks, and appimages. These all have had various issues and unintended consequences. Glad you got it sorted out, I’ll mark your response as the solution.

I had a similar mdns issue with the flatpak version of Brave on Linux Mint. I uninstalled it and installed it from the repositories Brave recommends on their website.