How to fix the NET::ERR_CERT_AUTHORITY_INVALID error

What is NET::ERR_CERT_AUTHORITY_INVALID error?

As the name of the error implies, this problem pops up when your browser can’t verify the validity of your website’s SSL certificate. If you haven’t set up a certificate or are using HTTP for your website, which isn’t recommended, you shouldn’t run into this error.

Generally speaking, there are three primary causes for the invalid certificate authority error. Let’s break down each one in turn:

You’re using a self-signed SSL certificate — Using a self-signed certificate can save you money, but since browsers can’t verify its validity, your visitors may run into the error in question. Browser warnings can scare a lot of users away, so we recommend against this approach.

Your certificate has expired — SSL certificates expire as a security precaution. How long your certificate lasts can vary, but at some point, you need to renew it or automate the renewal process (some authorities and web hosts enable you to do this easily).

The certificate comes from a non-trusted source — Just as with self-signed certificates, if browsers can’t verify the authority that generated your certificate, you’ll see an error.

Remember that every time a user visits a website with an SSL certificate, their browser needs to validate and decrypt it. If there are any errors during that process, they’ll see a warning.

In a lot of cases, browsers actively prevent users from accessing the website in order to protect them. This often comes in the form of the “Your Connection is Not Private” error. As you might imagine, that’s a huge problem if it occurs on your own site.

Sometimes, you may run into the NET::ERR_CERT_AUTHORITY_INVALID error due to local configuration settings. Throughout the next sections, we’ll show you the many faces this error can take and then we’ll talk about how to troubleshoot it.

What are the NET::ERR_CERT_AUTHORITY_INVALID error variations?

The way an error appears can vary a bit, depending on what browser you’re using. Your operating system and your certificate’s configuration can also play a role in the different error messages that appear.

With that in mind, let’s take a look at the most common variations of the NET::ERR_CERT_AUTHORITY_INVALID error, browser by browser.

• Your connection is not private

• Warning: Potential Security Risk Ahead

• Your connection isn’t private

• This Connection Is Not Private

Google Chrome

When you run into this error in Chrome, the browser will tell you right away that your connection isn’t private. Since the browser doesn’t recognize your certificate’s validity, it can’t encrypt your data.

That means if you proceed, you do so at your own risk. Here’s what the error message looks like:

Attackers might be trying to steal your information from domain.com (for example, passwords, messages, or credit cards).

Common variations of this error in Chrome include the following codes:

• NET::ERR_CERT_AUTHORITY_INVALID

• NET::ERR_CERT_COMMON_NAME_INVALID (This occurs when the certificate does not match the domain)

• NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

• NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

• NET::ERR_CERT_DATE_INVALID

• SSL CERTIFICATE ERROR

In every case, Chrome pinpoints the source of the error within the certificate. The browser lets you proceed to the website if you choose, but it warns you against doing so.

Mozilla Firefox

Firefox doesn’t waste any time in telling you that you may have run into a potential security risk. What’s more, this browser does a better job than Chrome when it comes to explaining the potential causes and telling you not to panic.

That variation of the error doesn’t include a specific code, though. In most cases, the screen includes one of the following codes as well:

• SEC_ERROR_UNKNOWN_ISSUER

• SSL_ERROR_RX_MALFORMED_HANDSHAKE

• MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE

• SEC_ERROR_REUSED_ISSUER_AND_SERIAL

If you see an error code like one of the above, make sure to copy it down somewhere. That is the browser’s way of telling you where things went wrong. In our experience, a simple search for a specific error code is often enough to help you find a quick solution.

Microsoft Edge

The Microsoft Edge error message you see below should look familiar. It’s almost identical to the message Chrome displays, right down to the included code:

The error can also come in different flavors, including the following:

• DLG_FLAGS_SEC_CERTDATE_INVALID

• DLG_FLAGS_INVALID_CA

• DLG_FLAGS_SEC_CERT_CN_INVALID

• NET::ERR_CERT_COMMON_NAME_INVALID

• ERROR CODE: O

Just as with Chrome, these error messages give you some insight into what’s at the root of your NET::ERR_CERT_AUTHORITY_INVALID error.

Safari

If you’re a Safari user, you run into a variation of the ‘this connection is not private’ error, which lets you know there’s a problem with the website’s certificate and encryption. Here’s what the message says:

Fixing the Error: 9 Methods

1. Run an SSL Server Test

Use tools like Qualys SSL Labs SSL Test to check your SSL certificate’s installation and configuration. Enter your domain and submit it to see detailed results, including trustworthiness.

2. Get a Certificate from a Valid Authority

3. Renew Your SSL Certificate

Ensure your SSL certificate is up to date. Many hosting providers offer automated renewal. If you need to renew manually, use tools like Certbot for installation and renewal.

4. Reload the Page or Use Incognito Mode

Sometimes, simply reloading the page or using your browser’s incognito mode can bypass the error if it’s caused by cached data.

5. Clear Your Browser’s Cache and Cookies

Clear your browser’s cache and cookies to ensure you’re loading the most recent version of your site. Instructions for clearing cache vary by browser:

• Google Chrome

6. Sync Your Computer’s Clock

Incorrect date and time settings can cause SSL errors. Sync your computer’s clock to the correct time.

• Windows: Right-click the time in the system tray, select "Adjust date/time," and click "Sync now."

• macOS: Go to System Preferences > Date & Time, and select "Set date & time automatically."

7. Try Using a Different Network

Public networks can cause SSL errors due to insecure routing. Try accessing your website from a different network or mobile data to see if the error persists.

8. Disable Your VPN or Antivirus Software

VPNs and antivirus software can sometimes trigger SSL errors. Temporarily disable these services to check if they are the cause. If so, consider updating or reconfiguring them.

9. Wipe Your Computer’s SSL State

Clear your computer’s SSL state to remove any cached certificates.

• Windows: Go to Control Panel > Internet Options > Content tab, and click "Clear SSL state."

• macOS: Open Keychain Access (Finder > Go > Utilities > Keychain Access), select Certificates, and delete any untrusted certificates.

Conclusion:

The NET::ERR_CERT_AUTHORITY_INVALID error, while potentially alarming, is a common issue that website owners can resolve with a few straightforward steps. By understanding the causes—whether it’s an expired certificate, a self-signed certificate, or a certificate from a non-trusted source—you can take targeted actions to fix the problem. Ensuring your SSL certificate is valid and from a recognized authority is crucial for maintaining user trust and securing your website. Regularly updating your SSL certificates, keeping your system’s time settings accurate, and performing routine checks on your SSL configuration will help prevent this error from occurring in the future. By following the methods outlined, you can quickly address the NET::ERR_CERT_AUTHORITY_INVALID error and provide a secure browsing experience for your visitors.