I have stumbled upon a fix for Clementine's inability to scrobble to Last.fm which I reported earlier. It turns out to be a problem with Firefox, not Clementine: I mentioned last time that the error reported seemed to indicate that Last.fm was replying to Clementine's authorisation request in plain http when secure https was expected. This was close! In fact, Last.fm explicitly do use http for this authorisation process and it's Firefox's built-in attempts to upgrade the connection to https that's causing the problem.
So the fix is to temporarily stop Firefox attempting to upgrade to https all the time. This is done in the about:config page; search for security.csp, as shown here:
The first option shown (security.csp.enable) is the one which, if enabled, causes this 'escalate to https' behaviour (since the “csp” in its name stands for Content Security Policy). So double-click it to flip to 'false' and then try your Clementine↔Last.fm authorisation process again:
As you can see, Clementine is now registered and happy with its connection to Last.fm. That done, you should double-click the “security.csp.enable” item in about:config once more to flip it back to being enabled: using secure http rather than its insecure cousin is something you probably want to do more often than not.