True, so how do we cure the problem then, Missy
Currently, there's not a lot I can do.
But I already told you how to check that it's TGC and not a MITM...
If you want to verify that it's really us and not an imposter then you can check that the certificate fingerprint is either A7:90:2E:08:83:E6:5F:E3:D5:BF:D0:08:09:A3:5E:B2:CB:09:E1:E8:C8:00:B2:58:53:DE:A2:A8:09:2E:18:6B (SHA256) or D4:25:08:2F:C2:A9:BF:E9:79:57:DA:12:77:B9:97:7E:CB:68:05:87 (SHA1)
So is it a site or browser problem? Surely TOR being all about security shouldn't mess up with SSL certificates
It doesn't mess with them - It simply doesn't recognise/include the CA that signs our certificate.
Why? I don't know - That would be something to take up with the Tor Browser developers.
We use Lets Encrypt to generate our free certs, and they're signed by Let's Encrypt Authority X3 and ultimately by DST Root CA X3
Importing these into the browser (Tools -> Options -> Advanced -> Certificates -> View Certificates -> Import) may provide a longer-term solution, as might 'permanently allowing' the exception (or whatever the exact wording is) when presented with the Warning dialog on connection.
The root CA and intermediate certs are attached below if you want to try it (they'll need unzipping first)