"nvd.nist.gov has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can't add an exception to visit this site.
for chrome users, to bypass this: just type "thisisunsafe" while focused on the error page. not very helpful in this scenario, but for other HSTS issues it might be! 2c
The fact that certificates for .gov's can still (due to procedural laziness) expire on a federal holiday without even a third party automated tweet to even notify the responsible or affected parties is a pure Kafka-eqsue tragedy when considered of the statistical inevitability that someone, somewhere, will lose their life to the coincidental crossroads of technical and bureaucratic err.
Some of the site's infrastructure is using an expired cert referencing letsencrypt R3 and other bits are serving a working cert at letsencrypt R10. Broken ACME updates maybe.
This can be so hard to get right! But I guess an automation oopsie is a step up from the need for spreadsheets, NMS checks, calendar reminders, and still having things expire once turnover erodes institutional knowledge.
Replying again, the inconsistency seems to be because their cert is fine over IPv6 but IPv4 is still showing expired. That’s a very strange setup y’all have there NIST.
"nvd.nist.gov has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can't add an exception to visit this site.
(...) there is nothing you can do to resolve it."