The reason the TOR browser worked is likely because it's running in incognito mode, and isn't storing
HSTS data. If you opened up another browser that you've never used to connect to ninjette before, it would likely have worked as well. The way that setting works between web servers and clients is like this: Once you go to a site, and it has a legitimate SSL certificate, the browser says "OK" and keeps track of it. Forevermore, if you use that browser to go to that site, it confirms there is a valid cert, and if there isn't, it hard fails it and will not allow you to bypass. If you open up a completely new browser and go to the site, it may warn you that the site has a bad cert, but it will let you bypass the warning.
You can go into an existing browser, and there are ways to delete the HSTS stored data. I've had to do that a few times when I do screw up the SSL cert and still have to get to a site with the same browser.