Before anyone blindly turns off that warning by disabling OCSP, double-check that it's really not a client issue. Turning off warning messages is something you only do if you have a VERY GOOD reason and you know what you're doing - or if you are the White House, where "the alarm system had been switched off due to complaints from staff that it was too noisy". However, if you take this issue seriously, you don't do that.
It might simply be that the system clock is slow, because the error message says "contains a date in the future". And it is much more likely that your computer's date/time is incorrect rather than that of the server (that could affect hundreds of clients).
Open a terminal and check your time:
$ date
Restart your NTP service to correct it:
$ sudo systemctl restart ntpd && echo OK
If you don't have the NTP service installed ("not-found" error), install it:
$ sudo pacman -S ntp
Also, make sure it's enabled
$ sudo systemctl is-enabled ntpd || sudo systemctl enable ntpd
With NTP installed and enabled, restart it, give it a couple of seconds to fetch the time and then check the time:
$ sudo systemctl restart ntpd && sleep 30 && date
Then try accessing the website again.
Depending on what desktop environment you use, you may be able to use graphical tools instead of those commands.
And for those who have "fixed" this issue by disabling every security feature until it worked: Please re-enable whatever you have disabled. If you've disabled OCSP, enable it again. Those features are there for a reason.
Issue #1: sec_error_ocsp_server_error
can occur for other reasons than OCSP server internal error.
From Bugzilla bug 495380:
SEC_ERROR_OCSP_SERVER_ERROR is used 5 times in ocsp.c for everything from an internal OCSP server error to failing create the request session and any number of different problems writing the request to the remote server.`
Issue #2: I believe that Firefox is caching this error but should not do so, so I created Bugzilla bug report 1014979.
Workarounds (from a post that I wrote at another forum):
Method #1: Restart Firefox.
Method #2: Go to Options->Advanced->Certificates-> Validation. Set checkbox "When an OCSP server connection fails, treat the certificate as invalid" to the opposite of what it is now, and then press OK button twice. That is sufficient to clear the OCSP cache. However, since you probably want the original setting that you just changed, go to Options->Advanced->Certificates-> Validation and set checkbox "When an OCSP server connection fails, treat the certificate as invalid" back to the value that was there before you read this post, then press OK button twice.
Best Answer
Go to
about:config
. Addmy-ssl-site
tosecurity.tls.insecure_fallback_hosts
:Seems to be broken in Firefox 80.0.