Rated 4 out of 5 stars

Great job, but the add-on needs more features to not be annoying to the user. Spamming the user with messages defeats the main purpose of the add-on, because after a while one stops paying attention to them. It becomes similar to banner blindness.

There are few things that should be added ASAP.
1. Configuration option to check embedded content certificates only if the webste itself is using HTTPS. It's not really important if an image comes from trusted source if whole website in which it is embedded is served via plain HTTP. Also the user will not spend time on verifying certificate of some image hotlinked on a forum from random hosting, but just accept the certificate to get rid of an annoying message. This is worse than not being notified at all.
2. Ability to not store each domain covered by wildcard certificate in the database. Instead only one entry for such certificate should be stored. The reason is that some providers (for example Google) uses randomly-generated subdomain names, which pollute the database quite fast.

This review is for a previous version of the add-on (2.0.14.1-signed.1-signed).