Drilling down, there is more info
Websites prove their identity via certificates.n Tor Browser does not trust this site because it uses a certificate that is not valid for nosmeroix3mixibdzzkjncxa4pp4ovvwp7xgaxtucx2roskv52w3hpyd.onion. The certificate is only valid for m.nosmero.com.
Fixed! The issue was that port 443 was mapped in the Tor hidden service config, and when Tor Browser tried HTTPS, it got the SSL certificate for m.nosmero.com instead of the .onion address.
Tor hidden services don't need HTTPS because Tor already provides end-to-end encryption.
Thanks for finding the bug!
