I decided to configure automatic switching between main optical internet channel and satellite backup. With old Asus router. And I've got SEC_ERROR_REUSED_ISSUER_AND_SERIAL after changing device IP address. It is well known problem, you have to remove stored certificate for this host/issuer. Mozilla developers even published manual:

Removing all obvious records didn't help. I have to notice, that FireFox doesn't show invalid certificat information in page info at all, like if it doesn't exist. Chrome doen't work with so old SSL version. But Chromium is OK :) So, I could see certificate details like Name, Issuer, Serial, etc. then found and removed still several records. Without success.

Internet says that deleting cert9.db helps. Ok, but it contains all other vaid certificates. So, I've opened this SQLite file and inspected it. There is useful Lunix tool sqlitebrowser. Is is obvious, that a3 field is the name of certificate. If you look at DB indexes, you can see that a81 is Issuer, but there is some binary header here. I didn't find anything interesting in names. But last record contained Serial of 'bad' certificate in a81 field. Removal of this record helped. Looks like sometimes we have to remove certificates from browser DB manually.