How to Fix the NET::ERR_CERT_AUTHORITY_INVALID Error

Even if you do have an SSL certificate installed on your website, your users may run into the NET::ERR_CERT_AUTHORITY_INVALID error. Despite its intimidating name, the invalid certificate authority error isn’t something you should panic about.

Simply put, your browser doesn’t recognize the validity of your certificate. To keep you ‘safe’ it displays this error, so you’re aware that there’s something fishy going on. As the website owner, though, there are a lot of things you can do to fix the problem.

In this tutorial, we’ll talk about what the error message means, and how it looks in different browsers. Then we’ll teach you how to fix the NET::ERR_CERT_AUTHORITY_INVALID error by covering all of its likely causes.

Let’s get to work!

What the NET::ERR_CERT_AUTHORITY_INVALID Error Is

As the name of the error implies, this problem pops up when your browser can’t verify the validity of your website’s SSL certificate. If you haven’t set up a certificate or are using HTTP for your website, which isn’t recommended, you shouldn’t run into this error.

Generally speaking, there are three primary causes for the invalid certificate authority error. Let’s break down each one in turn:

1. You’re using a self-signed SSL certificate. Using a self-signed certificate can save you money, but since browsers can’t verify its validity, your visitors may run into the error in question. Browser warnings can scare a lot of users away, so we recommend against this approach.
2. Your certificate has expired. SSL certificates expire as a security precaution. How long your certificate lasts can vary, but at some point, you’ll need to renew it or automate the renewal process (some authorities and web hosts enable you to do this easily).
3. The certificate comes from a non-trusted source. Just as with self-signed certificates, if browsers can’t verify the authority that generated your certificate, you’ll see an error.

Remember that every time a user visits a website with an SSL certificate, their browser needs to validate and decrypt it. If there are any errors during that process, they’ll see a warning.

In a lot of cases, browsers will actively prevent users from accessing the website in order to protect them. This often comes in the form of the “Your Connection is Not Private” error. As you might imagine, that’s a huge problem if it occurs on your own site.

Sometimes, you may run into the NET::ERR_CERT_AUTHORITY_INVALID error due to local configuration settings. Throughout the next sections, we’ll show you the many faces this error can take and then we’ll talk about how to troubleshoot it.

NET::ERR_CERT_AUTHORITY_INVALID Error Variations

The way an error appears can vary a bit, depending on what browser you’re using. Your operating system and your certificate’s configuration can also play a role in the different error messages that appear.

With that in mind, let’s take a look at the most common variations of the NET::ERR_CERT_AUTHORITY_INVALID error, browser by browser.

Google Chrome

When you run into this error in Chrome, the browser will tell you right away that your connection isn’t private. Since the browser doesn’t recognize your certificate’s validity, it can’t encrypt your data.

That means if you proceed, you do so at your own risk. Here’s what the error message looks like:

Attackers might be trying to steal your information from domain.com (for example, passwords, messages, or credit cards).

Common variations of this error in Chrome include the following codes:

In every case, Chrome pinpoints the source of the error within the certificate. The browser lets you proceed to the website if you choose, but it warns you against doing so.

Mozilla Firefox

Firefox doesn’t waste any time in telling you that you may have run into a potential security risk. What’s more, this browser does a better job than Chrome when it comes to explaining the potential causes and telling you not to panic.

Here’s how the primary error message reads:

Firefox detected an issue and did not continue to domain.com. The website is either misconfigured or your computer clock is set to the wrong time.It’s likely the website’s certificate is expired, which prevents Firefox from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

That variation of the error doesn’t include a specific code, though. In most cases, the screen will include one of the following codes as well:

• SEC_ERROR_UNKNOWN_ISSUER
• SSL_ERROR_RX_MALFORMED_HANDSHAKE
• MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
• SEC_ERROR_REUSED_ISSUER_AND_SERIAL

If you see an error code like one of the above, make sure to copy it down somewhere. That is the browser’s way of telling you where things went wrong. In our experience, a simple search for a specific error code is often enough to help you find a quick solution.

Microsoft Edge

The Microsoft Edge error message you see below should look familiar. It’s almost identical to the message Chrome displays, right down to the included code:

The error can also come in different flavors, including the following:

• DLG_FLAGS_SEC_CERTDATE_INVALID
• DLG_FLAGS_INVALID_CA
• DLG_FLAGS_SEC_CERT_CN_INVALID
• NET::ERR_CERT_COMMON_NAME_INVALID
• ERROR CODE: O

Just as with Chrome, these error messages give you some insight into what’s at the root of your NET::ERR_CERT_AUTHORITY_INVALID error.

Safari

If you’re a Safari user, you’ll run into a variation of the ‘this connection is not private’ error, which lets you know there’s a problem with the website’s certificate and encryption. Here’s what the message says:

This website may be impersonating “domain.com” to steal your personal or financial information. You should go back to the previous page.

That particular error is due to an expired certificate. As we mentioned before, expired certificates are one of the most common causes of the NET::ERR_CERT_AUTHORITY_INVALID error.

How to Fix the NET::ERR_CERT_AUTHORITY_INVALID Error (9 Methods)

Now that you know what it looks like across most major browsers, it’s time to check out how to solve the NET::ERR_CERT_AUTHORITY_INVALID error. Earlier, we talked about its most common causes. However, we also mentioned that your local configuration can trigger it in some cases.

That means there are a lot of potential solutions to this issue. To keep things simple, we’ll start by tackling the three most common culprits, i.e. expired, self-signed, and ‘untrustworthy’ certificates. Then we’ll move on to more general solutions.

Here’s what we’ll cover:

1. Run an SSL Server Test

If you installed your SSL certificate shortly before the error began appearing, something may have gone wrong during the setup process. That can often happen if you installed the certificate manually, instead of through your web host.

The easiest way to check and see if your certificate is properly installed is by using an SSL check tool, such as the one offered by Qualys SSL Labs. This particular tool is free to use.

All you have to do is enter the domain where the error is popping up, and click on the Submit button:

Now, wait a couple of minutes while the results come up. Ideally, you should get an A+, with perfect scores for all your certificates:

If you don’t get a perfect score, scroll down to the list of certificates the tool shows you. There should be a section that tells you whether your certificate is trusted or not. If the tool gives you a negative result, then you’ll need to install a certificate from a trusted source instead.

2. Get a Certificate from a Valid Authority

There’s no excuse to use a self-signed certificate these days. If cost is the only factor, you can get a free certificate from Let’s Encrypt. Since it’s a valid authority, every browser will recognize your certificate’s validity:

If you’re a Kinsta user, we can help you set up your free Let’s Encrypt certificate in a matter of click through your MyKinsta dashboard:

For some websites, however, you’ll need more than a free certificate. Free certificates need to be renewed often, which can be a chore. Premium certificates offer more perks, such as insurance in the case of data breaches, encryption for multiple domains, and more.

For ecommerce sites, in particular, it can be worth it to pay for a premium SSL certificate. If you do buy a certificate, make sure it’s from a valid authority, in order to avoid running into the NET::ERR_CERT_AUTHORITY_INVALID error.

3. Renew Your SSL Certificate

SSL certificates need to be renewed every so often for security purposes. The renewal process verifies your domain’s ‘identity’, and without it, certificates would lose some of their validity. Free certificates from Let’s Encrypt renew every 90 days, whereas paid options have longer lifespans.

Check Out Our Video Guide to Choosing The Best SSL Certificate For Your Site

When the term is up, you’ll need to renew your certificate manually if your web host doesn’t handle that for you. In any case, Let’s Encrypt will contact you when your certificate is about to expire, so you can renew it ahead of time. Depending on which web host you use, however, you might not get access to renewal options through your control panel.

If you have access to your server, you can use the Certbot tool to install and renew SSL certificates through the command line.

Once you renew your SSL certificate, try loading your website again to see if the NET::ERR_CERT_AUTHORITY_INVALID error persists.

4. Try Reloading the Page (Or Using Incognito Mode)

If neither of the above fixes worked, it’s time to start troubleshooting directly from your computer.

In many cases, the NET::ERR_CERT_AUTHORITY_INVALID error disappears on its own when you try to reload the page. It only takes a second to do so, so it doesn’t hurt to try.

If the error persists across multiple reloads, we recommend that you try accessing the website using an ‘incognito mode’ if your browser offers that option:

If the website loads fine in incognito mode, that means the error is likely caused by your browser attempting to load an outdated cached version of the page. That gives you enough information to tackle the problem directly (as we’ll see in the next section).

5. Clear Your Browser’s Cache and Cookies

If switching your browser to incognito mode made the NET::ERR_CERT_AUTHORITY_INVALID error go away, then the issue is probably related to your browser’s cache.

Clearing your cache and cookies is easy, but the process varies depending on which browser you’re using. Below you can find instructions for clearing the cache in all the major browsers:

Another solution can be to try and force refresh your website specifically, so you don’t have to delete your entire cache. Force refreshing sometimes doesn’t work, however, so clearing your cache is our recommended solution.

6. Sync Your Computer’s Clock

One of the most common causes for the NET::ERR_CERT_AUTHORITY_INVALID is because your computer has the wrong date or time set. To clarify, errors with your device’s clock can interfere with your browser’s ability to verify a website’s certificate.

The good news is that if this is the problem, it’s an easy fix. If you notice a discrepancy between your computer’s clock and the current time, you can adjust it in seconds. Exactly how you do this will depend on which Operating System (OS) you’re using.

Windows

Go to the system tray and right-click on your computer’s time, then select the option that says Adjust date/time:

A settings window will appear. Look for the option that reads Sync now under Synchronize your clock, and click on it: Syncing your computer clock.

If you have an internet connection, Windows will make sure the date and time are correct. To avoid this issue in the future, we recommend that you enable the Set time automatically option. This setting should ensure that your computer always has the correct time.

Mac

If you’re using macOS, the syncing process is also remarkably simple. All you have to do is follow these steps:

1. Select the System Preferences option within the Apple menu.
2. Click on the Date & Time icon.
3. Turn on the Set date & time automatically option.

Before you close the settings screen, swing by the Time Zone tab and make sure you’re using the correct time zone. Once that’s done, you can check to see if the NET::ERR_CERT_AUTHORITY_INVALID error still persists.

7. Try Using a Different Network

In some cases, the NET::ERR_CERT_AUTHORITY_INVALID error pops up when you’re using a public network, such as the ones you can find in coffee shops or tourist spots. These networks often don’t route traffic securely, which can trigger the error.

If you’re using a public network for your computer, we recommend trying to access your website through your smartphone using its mobile data. Your goal here is to determine whether the original network was causing the problem.

If the error disappears when you’re using mobile data, then you know you need to switch networks. Another option to protect your privacy if you regularly use public internet access is to sign up for a Virtual Private Network (VPN).

A good VPN service will help protect your data even if you’re using an unsecured point of access. You will need to pay if you want to use a quality VPN service, but the expense is well worth it if you’re always on the move.

8. Disable Your VPN or Antivirus Software

If you’re already using a VPN and you run into the NET::ERR_CERT_AUTHORITY_INVALID error, the service itself may be triggering it.

Another common culprit is antivirus software. After you’ve tried everything else, we recommend that you temporarily turn off your VPN and disable your antivirus software. Then try accessing your site again and use force refresh to make sure it’s not loading from your browser’s cache.

If the error is gone, try re-enabling both services, one at a time, and see if you get the invalid certificate notification once more. This will let you know which is at fault. You may then choose to try and update the software, contact its support team for help, or look for an alternative solution.

9. Wipe Your Computer’s SSL State

Your computer keeps cached copies of certificates from websites you visit on a temporary basis, so it doesn’t have to run through the entire verification process each time you access them.

You can think of your SSL state as a cache, only for certificates. Just as with your cache, you can wipe your computer’s SSL state when you run into invalid certificate authority errors.

In Windows, you can do this by accessing the Internet Options menu from your control panel, and moving to the Content tab:

 

Click on the button that says Clear SSL state, close the window, and try reloading your website.

If you’re using macOS, and have accepted an untrusted certificate in the past, you may need to delete the certificate exception created for it from your Mac Keychain.

To do this, click on the Finder icon, followed by Go > Utilities > Keychain Access:

Under the Category section, select Certificates. Any untrusted certificates should have a red ‘X’ under their names. To delete them, click on Edit at the top of the screen, followed by Delete.

Summary

The NET::ERR_CERT_AUTHORITY_INVALID error can take a while to troubleshoot if you’re unable to determine what’s causing it. Plus, if your visitors are seeing it as well, that can harm both your traffic and your reputation.

The good news is that most fixes take little time to implement. You’ll want to start by making sure your SSL certificate is up to date and valid, then perform some basic troubleshooting tasks such as reloading the page and clearing your browser’s cache.

After that, you can move on to more involved fixes, like wiping your SSL state and running an SSL server test.