I use Firefox Extended Support Release (‘ESR’) version 102.14.0 to load the Syncthing web UI. (Why? Never mind.) The computer at issue runs Windows 10. Previously when I tried to load the UI I saw a bypassable security warning; and I did bypass it, and all was fine. Suddenly I see the following unbypassable warning and hence cannot load the UI:
Secure Connection Failed
An error occurred during a connection to localhost:8384. Certificate key usage inadequate for attempted operation.
Error code: SEC_ERROR_INADEQUATE_KEY_USAGE
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.
(There is an old, inconclusive thread on this forum about that error, here.)
Configurations of mine that can run the Syncthing web UI:
Firefox normal edition (version 116.0.2) on the Windows 10 PC;
Chrome on the Windows 10 PC;
a Linux PC of mine, with the same version of Syncthing as the Windows PC and with the same version of Firefox ESR.
EDIT: this page suggests deleting a certificate file. I did that. No change.
Is the Firefox ESR installation fresh? If not, could you try with a new profile? I’ve just tested this with the same version of Firefox ESR, and here the GUI opens without any issues.
Chances are that the certificate database for the Firefox profile is corrupted.
If the regular edition Firefox on the same Windows 10 PC, or Firefox ESR on your Linux PC, were pointed at the broken Firefox profile, it’d experience the same problem.
With two editions of Firefox on the same PC, you’ll have at least two Firefox profiles (each profile is tagged with the version number of Firefox that last touched it).
To remove the damaged certificate store:
Exit/Close Firefox ESR.
Open the Firefox ESR profile folder.
Delete the cert9.db file.
If you don’t know where your Firefox ESR profile currently is:
Launch Firefox ESR.
In the address bar, go to the special page about:support
Scroll down to the fine the row labeled “Profile Directory”.
Click the [Open Directory] button to launch the local file manager.
Follow the previous steps above regarding the certificate store.
The next time the Firefox profile is used, Firefox will rebuild the missing certificate store (it caches temporary copies of website certificates such as the one for Syncthing).
On a related note…
If Syncthing’s web GUI on the Windows 10 PC is only locally accessible (i.e., http://127.0.0.1:8384, http://localhost:8384/), there’s very little security advantage to using HTTPS. If malware or something else was sniffing network traffic on the Windows 10 PC, it could just as easily copy Syncthing’s API key, substitute a different certificate, etc.