Created attachment 8837360: sha1_broken_sites_intermediates.txt

Sites that have failed to update their SHA1-encoded end-entity certs will soon be broken in Fx53. This is captured in bug 1330043.

Sites that have updated their end-entity certs, but still chain to SHA1-encoded *intermediate* certs, will also be broken in Fx53. This might be unexpected to some site owners. These sites may or may not work in latest Chrome, depending on Chrome's support of AIA-chasing and race conditions resulting from certificate fetching.

This bug is to alert evangelists to a list of sites surfaced by the TLS Canary that - at time of testing (2017-02-09) - seemed to fit the above description.

Keep in mind that sites are currently upgrading and some may have already fixed the problem. Also, many sites operate on both a TLD and with a "www" prefix, and some sites often have one of these broken. The attached list specifies exactly which domain is affected, as well as the site rank assigned to it.