How to Fix NET::ERR_CERT_AUTHORITY_INVALID: 10 Proven Solutions

NET::ERR_CERT_AUTHORITY_INVALID is a common error encountered when visiting websites with Secure Sockets Layer (SSL) issues. For website owners, the NET::ERR_CERT_AUTHORITY_INVALID error can harm traffic and conversions, rendering the site inaccessible to visitors.

In this article, we’ll explain what the NET::ERR_CERT_AUTHORITY_INVALID error is, explore its main causes, and present ten effective solutions to resolve it.

Error codeNET::ERR_CERT_AUTHORITY_INVALID
Error typeSSL connection issue
Error variationsNET::ERR_CERT_INVALIDNET::ERR_CERT_COMMON_NAME_INVALID
NET::ERR_CERT_DATE_INVALID
SEC_ERROR_UNKNOWN_ISSUER
DLG_FLAGS_SEC_CERTDATE_INVALID
Error causesExpired SSL certificates
Compromised certificates
Invalid domain name
Unsecured internet connection
Browser issues

What Is NET::ERR_CERT_AUTHORITY_INVALID?

NET::ERR_CERT_AUTHORITY_INVALID is an error message that shows up when a browser can’t validate a site’s SSL certificate. A few SSL-related errors can trigger this invalid code, such as:

  • Using a self-signed SSL certificate. A self-signed certificate might be cost-effective but doesn’t provide authority and trust.
  • Untrustworthy certificate authority. When accessing websites, the browser will run a background check of the SSL certificate. If the certificate authority is untrusted, the browser will return an invalid error message.
  • Improper installation of the certificate. This error often happens if you recently switched from HTTP to HTTPS.
  • Expired SSL certificates. The expiration date of an SSL certificate can vary. Some last for a lifetime, while others need annual renewals. Check with the provider to see if your certificate has expired.

Important! For WordPress website owners, implementing WordPress SSL is important to keep your site data secure from cyber attacks.

However, SSL certificates aren’t the only reason behind this error. Sometimes, it is caused by issues on the client-side, including:

  • Unsecured network connection. While free, WiFi in public places doesn’t route traffic securely. As a result, using public internet access might trigger your browser to return a NET::ERR_CERT_AUTHORITY_INVALID error code.
  • Outdated operating system. If your operating system is outdated, the browser might refuse to load pages for security reasons.
  • Expired browser cache. Expired cookies and cache might prevent browsers from validating an SSL certificate.
  • Third-party apps. Third-party programs, such as a virtual private network (VPN), antivirus software, and browser extensions, might also cause connectivity issues.

Most of the time, you can resolve this error by simply changing the settings on your computer or browser. Before diving deeper into the solutions, let’s see how this invalid code is displayed on multiple browsers.

Hostinger web hosting banner

NET::ERR_CERT_AUTHORITY_INVALID in Google Chrome, Safari, and Other Browsers

This section will show you how this particular error looks on Google Chrome, Safari, Mozilla Firefox, and Microsoft Edge.

Google Chrome

The NET ERR_CERT_AUTHORITY_INVALID error code on Google Chrome

When you access websites with SSL errors, the Google Chrome browser will display a message saying, “Your connection is not private.”

Below the message, Google Chrome also warns users that attackers might steal their information and shows the actual NET::ERR_CERT_AUTHORITY_INVALID error code.

You can still access the website at your own risk by clicking Proceed to (domain name). Other variations of this error message include:

  • NET::ERR_CERT_COMMON_NAME_INVALID
  • NET::ERR_CERT_INVALID
  • NET::ERR_CERT_DATE_INVALID
  • NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
  • NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
  • SSL CERTIFICATE ERROR
The NET ERR_CERT_COMMON_NAME_INVALID error code on Google Chrome

Each variation of these SSL error codes hints at the actual issue. For instance, NET::ERR_CERT_COMMON_NAME_INVALID indicates that the domain name doesn’t match the SSL certificate.

Safari

Invalid SSL error on Safari

For Safari users, the error message displayed is quite different from Google Chrome and other browsers.

When Safari can’t validate the website’s identity, it will warn users that they might be accessing a fraudulent site with a similar address.

Safari will then ask whether you want to continue. You can also click Show Certificate to find more details about the SSL certificate.

Microsoft Edge

NET::ERR_CERT_AUTHORITY_INVALID error on Microsoft Edge

In Microsoft Edge, the error message is almost identical to the one in Google Chrome. You’ll see error warnings that your connection isn’t private, followed by the NET::ERR_CERT_AUTHORITY_INVALID error code.

Other error codes displayed by Microsoft Edge include:

  • NET::ERR_CERT_COMMON_NAME_INVALID
  • DLG_FLAGS_SEC_CERTDATE_INVALID
  • DLG_FLAGS_SEC_CERT_CN_INVALID
  • DLG_FLAGS_INVALID_CA

Similar to Google Chrome, each of those codes indicate the root cause of the SSL error.

Mozilla Firefox

SEC_ERROR_UNKNOWN_ISSUER error on Mozilla Firefox

In terms of giving detailed information about the error, Firefox does a better job than Google Chrome, Safari, and Microsoft Edge.

Instead of the usual “attackers might be trying to steal your information” message, this browser provides the actual causes of the error. Then, you can either continue at your own risk or go back to the previous page.

However, Firefox doesn’t use the NET::ERR_CERT_AUTHORITY_INVALID code to indicate SSL errors. Instead, the browser uses one of the following error messages:

  • SEC_ERROR_UNKNOWN_ISSUER
  • SEC_ERROR_REUSED_ISSUER_AND_SERIAL
  • SSL_ERROR_RX_MALFORMED_HANDSHAKE
  • SSL_ERROR_UNSUPPORTED_VERSION
  • MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE

After learning what causes the NET::ERR_CERT_AUTHORITY_INVALID error and how it looks on multiple browsers, let’s explore how to fix it.

We’ll cover possible solutions for both the server-side (SSL errors) and client-side (browser errors). Let’s start with SSL-related issues.

1. Run an SSL Test

First, conduct an SSL check to see where the problem is using a free tool like SSL Shopper. Simply enter the domain name and wait for a few minutes as the tool analyzes it.

The SSL Shopper tool showing an SSL check result

Once finished, SSL Shopper will provide a report of the site’s SSL installation, such as the IP address, certificate trustworthiness, expiry date, and domain name validity. If the tool finds no issues, it will show green checkmarks that indicate:

  • Major web browsers trust the SSL certificate.
  • The SSL certificate hasn’t expired.
  • The domain name is correctly listed in the SSL certificate.

It will also show if you’re using a self-signed SSL certificate or if the domain name doesn’t match the one in the certificate, and how to fix those issues.

The SSL Shopper tool showing SSL errors

2. Obtain an SSL Certificate From a Legitimate Provider

If the result shows that your current SSL certificate isn’t valid, consider obtaining one from a trusted certificate authority. Hostinger includes this free SSL certificate in every hosting plan.

However, certain types of websites, such as eCommerce stores, need a higher level of protection. If that’s your case, purchasing a premium SSL certificate is a better option, as it offers more features.

3. Clear the SSL State

When visiting a website, your computer stores a copy of that site’s certificate. Sometimes, it may store incorrect or outdated details, leading to errors.

You can remove all cached certificates from your computer by clearing the SSL state. Here is how to do it on Windows:

  1. Open the Search Box.
  2. Type in Internet Options.
The Internet Options control panel on Windows
  1. When a dialog box appears, go to Content.
  2. Click Clear SSL State.
The Internet Properties tab on Windows that shows how to clear SSL state

On macOS, you need to delete any untrusted certificate that’s causing problems:

  1. Click on the Spotlight search icon at the top of your screen.
  2. Type Keychain Access.
  3. Under the Category section, select Certificates.
  4. Untrusted certificates are identified with a red “X” icon.
  5. Right-click on it and select Delete.
The Keychain Access section on macOS, showing an untrusted certificate

4. Renew the SSL Certificate

SSL certificates need to be renewed to re-confirm a domain’s validity and keep the encryption updated.

The SSL certificate renewal period varies between providers. For instance, Let’s Encrypt’s free SSL certificate must be renewed every 90 days, while premium certificates usually last longer.

To check the certificate’s expiry date, go to your website and click on the padlock icon in the address bar. If you have an expired SSL certificate, check with your web hosting provider and certificate authority on how to renew it.

The steps usually involve generating a new certificate signing request (CSR), activating the new certificate, and installing it.

If you use Hostinger, access hPanel to check all information about your SSL certificate. However, all our certificates come with an auto-renew feature to keep your site protected 24/7.

The SSL section on hPanel

If nothing is wrong with the SSL certificate, the problem might be in your browser or computer. If that’s the case, try one of the following solutions:

1. Adjust the Time and Date Settings on Your PC

Browsers rely on the operating system’s time to check a certificate’s validity period. If the date is set incorrectly, the browser can misidentify the certificate as expired.

To adjust the time and date on Windows:

  1. Open the Start menu.
  2. Type in Adjust time/date.
  3. Under the Synchronize your clock section, click Sync now.
  4. Turn on Set time automatically to ensure your computer’s time is always right.
The Date & Time settings on Windows Control Panel, showing where the "Sync now" button is located

If you’re on macOS, follow these steps:

  1. Open the Apple menu.
  2. Go to System Preferences -> Date & Time.
  3. Activate Set date & time automatically.
  4. Go to Time Zone and check whether you’re using the correct time zone.
The Date & Time section on macOS

After you’ve correctly set the time and date on your operating system, refresh the browser to see if the error has been resolved.

2. Update Your Browser

Sometimes, using an older version of a browser can cause the NET::ERR_CERT_AUTHORITY_INVALID error.

If you’re a Chrome user, access Settings -> About Chrome. If you see a “Chrome is up to date” notification, that means you already have the latest version installed.

The "Chrome is up to date" notification on Google Chrome Settings

If your Chrome browser is outdated, it will show the Update Google Chrome button instead. Click the button and wait for it to finish downloading. Then, click Relaunch.

3. Clear Browser Cache and Cookies

While cache and cookies help browsers load web pages faster, they can also contain outdated or corrupted files that cause SSL errors. Access the private or incognito mode to see if your browser cache is the main issue.

The incognito window on Google Chrome

If the website is accessible through the incognito mode, that means the browser is storing expired cache. To fix this, clear browser cache and cookies.

The process of clearing browsing data on Chrome, Firefox, Safari, Opera, and Edge is usually very similar. On Google Chrome:

  1. Access the menu on the top right.
  2. Go to More Tools and select Clear browsing data.
The "clear browsing data" option available on Google Chrome's tools
  1. Select the time range and click Clear data.
Clear browsing data options on Google Chrome

4. Temporarily Disable Browser Extensions

While extensions enhance the browsing experience, they can also cause SSL errors.

To deactivate browser extensions on Chrome, follow these steps:

  1. Go to More Tools -> Extensions.
  2. Toggle off all of your Chrome extensions.
The toggle button to disable Google Chrome's extensions

The steps are similar if you’re using Mozilla Firefox or Safari. Locate the extensions or add-ons, then deactivate them by switching the toggle from blue to gray.

However, the disable feature is not available in Microsoft Edge. You will need to delete the extensions and reinstall them later on.

After disabling the extensions, reload the website to see if the error message still pops up. If the page loads just fine, turn the extensions back one by one to identify what’s causing the problem.

5. Disable VPN

VPN masks your IP address and provides an added layer of security. It also enables you to change virtual server locations and access geo-blocked content.

However, this added layer of security can block some SSL certificates, preventing your browser from retrieving the web pages.

If you’re using a virtual private network, we recommend turning it off temporarily to see if it’s causing the error. If that’s the case, you can either contact the support team or use other VPN providers.

6. Disable Firewall or Antivirus

As a last resort, try to temporarily disable the firewall or antivirus software. To deactivate Windows Firewall:

Proceed with caution as turning off the firewall might expose your computer to malware.

  1. Open the Start menu.
  2. Type in Control Panel.
  3. Go to System and Security -> Windows Defender Firewall.
The location of the Windows Defender Firewall section on the Windows control panel
  1. On the left side, click Turn Windows Defender Firewall on or off.
  2. Select Turn off Windows Defender Firewall (not recommended) on the private and public network settings.
Turning off Windows Defender Firewall for private and public network

Here’s how to disable your antivirus software on macOS:

  1. Open the Apple menu.
  2. Select System Preferences -> Security & Privacy.
  3. Go to the Firewall tab.
The Firewall tab under Security & Privacy on macOS
  1. Click on the lock icon on the bottom left and enter your password.
  2. Click Turn Off Firewall.

Once you’ve disabled the antivirus software, restart your operating system and try to reaccess the website. If the error message disappears, you know the software is at fault.

Update your antivirus to the latest version or look for alternatives.

Conclusion

If you’re a website owner, having an SSL certificate installed is essential to keep your site protected. Unfortunately, some issues on the browser or the SSL certificate itself can trigger the NET::ERR_CERT_AUTHORITY_INVALID error code.

This error message will make your site inaccessible, affecting its conversion rates and user experience. Thus, we’ve covered the primary causes and 10 solutions to fix the NET::ERR_CERT_AUTHORITY_INVALID error.

Contact your web host or SSL provider if the error persists. For website visitors, notify the administrator as they might not know of such errors.

ERR_CERT_AUTHORITY_INVALID FAQs

Take a look at the following frequently asked questions.

Is ERR_CERT_AUTHORITY_INVALID a Common Error?

Yes, ERR_CERT_AUTHORITY_INVALID is a common error that occurs when the SSL/TLS certificate presented by a website is not recognized by the browser as being issued by a trusted Certificate Authority. This can happen due to various reasons, such as an expired or self-signed certificate or incorrect configuration.

What Is the Difference Between an ERR_CERT_AUTHORITY_INVALID Error and a Certificate Authority Error?

Nothing. A certificate authority error is the same as ERR_CERT_AUTHORITY_INVALID. This error encompasses various issues related to certificate validation, including but not limited to invalid or expired certificates, revoked certificates, or mismatched hostnames.

Author
The author

Brian Fajar Mauladhika

Brian is a Content Writer who knows the ins and outs of digital marketing and eCommerce. Driven by passion and a dose of caffeine, he constantly looks for better ways to tell complex stories in a simple manner. Follow him on LinkedIn.