Ultimately this comes down to the certificates not passing the security checks put in place by Mozilla.
Until this situation changes, we should continue with the practice of buying certificates like do for www.fsf.org
signature.asc
Description: OpenPGP digital signature
