diff --git a/browser/base/content/test/about/browser.toml b/browser/base/content/test/about/browser.toml
index 97ace73d7f05..011ccc318d82 100644
--- a/browser/base/content/test/about/browser.toml
+++ b/browser/base/content/test/about/browser.toml
@@ -17,8 +17,6 @@ support-files = [
 ["browser_aboutCertError_exception.js"]
-["browser_aboutCertError_hyphen_telemetry.js"]
-
 ["browser_aboutCertError_mitm.js"]
 ["browser_aboutCertError_noSubjectAltName.js"]
diff --git a/browser/base/content/test/about/browser_aboutCertError_cca_telemetry.js b/browser/base/content/test/about/browser_aboutCertError_cca_telemetry.js
index a4f71450a82b..794fc40b2004 100644
--- a/browser/base/content/test/about/browser_aboutCertError_cca_telemetry.js
+++ b/browser/base/content/test/about/browser_aboutCertError_cca_telemetry.js
@@ -40,7 +40,6 @@ async function checkTelemetry(expectedIssuedByCCA) {
 has_sts: "false",
 channel_status: "2153390067",
 issued_by_cca: expectedIssuedByCCA,
- hyphen_compat: "false",
 },
 ]);
 }
diff --git a/browser/base/content/test/about/browser_aboutCertError_hyphen_telemetry.js b/browser/base/content/test/about/browser_aboutCertError_hyphen_telemetry.js
deleted file mode 100644
index dce391dd14d9..000000000000
--- a/browser/base/content/test/about/browser_aboutCertError_hyphen_telemetry.js
+++ /dev/null
@@ -1,94 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-"use strict";
-
-const HYPHEN_LABEL_SITE = "https://hyphen-.example.com";
-const DOMAIN_MISMATCH_SITE = "https://mismatch.badcertdomain.example.com";
-
-registerCleanupFunction(async () => {
- await resetTelemetry();
-});
-
-async function resetTelemetry() {
- Services.telemetry.clearEvents();
- await TestUtils.waitForCondition(() => {
- let events = Services.telemetry.snapshotEvents(
- Ci.nsITelemetry.DATASET_PRERELEASE_CHANNELS,
- true
- ).content;
- return !events || !events.length;
- });
-}
-
-async function checkTelemetry(expectedHyphenCompat) {
- let loadEvent = await TestUtils.waitForCondition(() => {
- let events = Services.telemetry.snapshotEvents(
- Ci.nsITelemetry.DATASET_PRERELEASE_CHANNELS,
- true
- ).content;
- return events?.find(e => e[1] == "security.ui.certerror" && e[2] == "load");
- }, "recorded telemetry for the load");
- loadEvent.shift();
- Assert.deepEqual(loadEvent, [
- "security.ui.certerror",
- "load",
- "aboutcerterror",
- "SSL_ERROR_BAD_CERT_DOMAIN",
- {
- is_frame: "false",
- has_sts: "false",
- channel_status: "2153394164",
- issued_by_cca: "false",
- hyphen_compat: expectedHyphenCompat,
- },
- ]);
-}
-
-add_task(async function test_site_with_hyphen() {
- await resetTelemetry();
- let browser;
- let pageLoaded;
- await BrowserTestUtils.openNewForegroundTab(
- gBrowser,
- () => {
- gBrowser.selectedTab = BrowserTestUtils.addTab(
- gBrowser,
- HYPHEN_LABEL_SITE
- );
- browser = gBrowser.selectedBrowser;
- pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
- },
- false
- );
- info("Loading and waiting for the certificate error page");
- await pageLoaded;
- // Check that telemetry indicates this error was caused by the hyphen in the
- // domain name.
- await checkTelemetry("true");
- BrowserTestUtils.removeTab(gBrowser.selectedTab);
-});
-
-add_task(async function test_domain_mismatch_site() {
- await resetTelemetry();
- let browser;
- let pageLoaded;
- await BrowserTestUtils.openNewForegroundTab(
- gBrowser,
- () => {
- gBrowser.selectedTab = BrowserTestUtils.addTab(
- gBrowser,
- DOMAIN_MISMATCH_SITE
- );
- browser = gBrowser.selectedBrowser;
- pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
- },
- false
- );
- info("Loading and waiting for the certificate error page");
- await pageLoaded;
- // Check that telemetry indicates this error was not caused by a hyphen in
- // the domain name.
- await checkTelemetry("false");
- BrowserTestUtils.removeTab(gBrowser.selectedTab);
-});
diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db
index 7c700ea0e414..365b6c6530ec 100644
Binary files a/build/pgo/certs/cert9.db and b/build/pgo/certs/cert9.db differ
diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db
index 9b0b67378def..ace3ab3d69ca 100644
Binary files a/build/pgo/certs/key4.db and b/build/pgo/certs/key4.db differ
diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client
index 9db70846f6ea..87dce4866c51 100644
Binary files a/build/pgo/certs/mochitest.client and b/build/pgo/certs/mochitest.client differ
diff --git a/build/pgo/certs/wildcard.certspec b/build/pgo/certs/wildcard.certspec
deleted file mode 100644
index 609f258e23cb..000000000000
--- a/build/pgo/certs/wildcard.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-subject:*.example.com
-issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
-extension:subjectAlternativeName:*.example.com
diff --git a/build/pgo/server-locations.txt b/build/pgo/server-locations.txt
index 6c78362389bc..30af239d58b4 100644
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@@ -402,6 +402,3 @@ https://123.123.123.123:443 privileged,nocert
 # Domain with HSTS preloaded
 http://includesubdomains.preloaded.test:80 privileged
 https://includesubdomains.preloaded.test:443 privileged
-
-# Domain with a hyphen at the end of a label.
-https://hyphen-.example.com:443 privileged,cert=wildcard.pem
diff --git a/netwerk/test/httpserver/httpd.sys.mjs b/netwerk/test/httpserver/httpd.sys.mjs
index df2c161cf924..b9d728d6315d 100644
--- a/netwerk/test/httpserver/httpd.sys.mjs
+++ b/netwerk/test/httpserver/httpd.sys.mjs
@@ -971,14 +971,11 @@ export class NodeServer {
 // address. For simplicity, the regexp below captures all canonical IPv6
 // addresses (e.g. [::1]), but may also match valid non-canonical IPv6 addresses
 // (e.g. [::127.0.0.1]) and even invalid bracketed addresses ([::], [99999::]).
-//
-// For compatibility, domainlabels may begin and/or end with hyphens, which
-// strictly speaking violates these specifications.
 const HOST_REGEX = new RegExp(
 "^(?:" +
 // *( domainlabel "." )
- "(?:[a-z0-9-]*?\\.)*" +
+ "(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)*" +
 // toplabel [ "." ]
 "[a-z](?:[a-z0-9-]*[a-z0-9])?\\.?" +
 "|" +
diff --git a/testing/mochitest/server.js b/testing/mochitest/server.js
index d67d05dc6378..934f0b281cb7 100644
--- a/testing/mochitest/server.js
+++ b/testing/mochitest/server.js
@@ -253,7 +253,7 @@ function processLocations(server) {
 "(" +
 "\\d+\\.\\d+\\.\\d+\\.\\d+" +
 "|" +
- "(?:[-a-z0-9]*?\\.)*" +
+ "(?:[a-z0-9](?:[-a-z0-9]*[a-z0-9])?\\.)*" +
 "[a-z](?:[-a-z0-9]*[a-z0-9])?" +
 ")" +
 ":" +
diff --git a/toolkit/components/telemetry/Events.yaml b/toolkit/components/telemetry/Events.yaml
index 6fba87a6b8d8..6d3ae404bf7e 100644
--- a/toolkit/components/telemetry/Events.yaml
+++ b/toolkit/components/telemetry/Events.yaml
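Review bot: The tightened domainlabel alternative `(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)*` in `HOST_REGEX` also rejects empty labels such as `foo..example.com`, which the old lazy `(?:[a-z0-9-]*?\\.)*` accepted, and the only test in this commit that exercised a hyphen-edged host is deleted rather than replaced, so the new stricter behaviour is untested. Add a test asserting that `hyphen-.example.com`, `-foo.example.com` and `foo..example.com` no longer match while `a-b.example.com` still does. The removed comment was the one place explaining the hyphen allowance; record the new rule next to the pattern with `// domainlabels must begin and end with an alphanumeric; a leading, trailing or lone hyphen and an empty label are rejected.`. The `HOST_REGEX` initializer continues past the end of the hunk, so the flags it is built with cannot be confirmed here.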
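Review bot: The label grammar inside `processLocations` is now a hand-copied twin of `HOST_REGEX` in netwerk/test/httpserver/httpd.sys.mjs, differing only in character-class ordering (`[-a-z0-9]` versus `[a-z0-9-]`), so the two will silently drift the next time one is tightened; add `// Keep in sync with HOST_REGEX in netwerk/test/httpserver/httpd.sys.mjs.` above the `"(" +` line. Because this expression decides which server-locations.txt entries are recognised at all, an entry with a hyphen-edged or empty label now falls through to whatever non-match handling follows, which lies outside the hunk and is worth checking so such a line fails loudly rather than being ignored. `processLocations` starts and ends outside the hunk.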
@@ -3103,7 +3103,6 @@ security.ui.certerror:
 has_sts: If the error page is for a site with HSTS headers or with a pinned key.
 channel_status: The status of the failed channel, as an nsresult.
 issued_by_cca: If trusting the CCA India roots would fix this error.
- hyphen_compat: If the error is due to a domain label starting or ending with a hyphen.
 click:
 objects: [
 "advanced_button",
diff --git a/toolkit/content/aboutNetError.mjs b/toolkit/content/aboutNetError.mjs
index 4c68b84b123b..425f6b62d033 100644
--- a/toolkit/content/aboutNetError.mjs
+++ b/toolkit/content/aboutNetError.mjs
@@ -1010,33 +1010,6 @@ async function recordSecurityUITelemetry(category, name, errorInfo) {
 }
 if (category == "securityUiCerterror" && name.startsWith("load")) {
 extraKeys.issued_by_cca = false;
- extraKeys.hyphen_compat = false;
- // This issue only applies to certificate domain name mismatch errors where
- // the first label in the domain name starts or ends with a hyphen.
- let label = HOST_NAME.substring(0, HOST_NAME.indexOf("."));
- if (
- errorCode == "SSL_ERROR_BAD_CERT_DOMAIN" &&
- (label.startsWith("-") || label.endsWith("-"))
- ) {
- try {
- let subjectAltNames = await getSubjectAltNames(errorInfo);
- for (let subjectAltName of subjectAltNames) {
- // If the certificate has a wildcard entry that matches the domain
- // name (e.g. '*.example.com' matches 'foo-.example.com'), then
- // this error is probably due to Firefox disallowing hyphens in
- // domain names when matching wildcard entries.
- if (
- subjectAltName.startsWith("*.") &&
- subjectAltName.substring(1) == HOST_NAME.substring(label.length)
- ) {
- extraKeys.hyphen_compat = true;
- break;
- }
- }
- } catch (e) {
- console.error("error parsing certificate:", e);
- }
- }
 let issuer = errorInfo.certChainStrings.at(-1);
 if (issuer && errorCode == "SEC_ERROR_UNKNOWN_ISSUER") {
 try {
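Review bot: `getSubjectAltNames(errorInfo)` appears in this hunk only on a removed line, so if it had no other caller in aboutNetError.mjs it is now an unreferenced certificate-parsing helper and should be removed in the same commit rather than left behind; `HOST_NAME` is presumably still used elsewhere, but its only visible use here was the removed label slicing, so that is worth confirming too. After the hunk the `load` branch of `recordSecurityUITelemetry` still sets `extraKeys.issued_by_cca = false;` and proceeds to the issuer check, so nothing remaining in the function appears to depend on the dropped key. The function begins before and ends after the hunk.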