How to Fix the “NET::ERR_CERT_AUTHORITY_INVALID” Error?
Table of Contents
Every internet user encounters the NET::ERR_CERT_AUTHORITY_INVALID error once in a while. It’s not an error you can easily miss since it comes with huge alert signs and warning messages in most browsers.
Understandably, many visitors get anxious when it pops up. But you don’t have to worry. Usually, the causes are quite trivial, and you can easily fix the error with a bit of patience.
After reading this guide, you’ll know what the error means, what causes it, and how to fix it as a website owner or visitor.
Hence, it tries to protect you from visiting an unsecured and unencrypted website which hackers may exploit to steal your information.
NET::ERR_CERT_AUTHORITY_INVALID is one of the several errors related to SSL certificates. You can find more information about them in this tutorial about what is an SSL certificate and how to fix SSL errors.
Nowadays, SSL encryption is a must-have for every website. It encrypts the connection between a website and its visitors. As a result, a third party can’t intercept the exchanged information.
The encryption is facilitated by an SSL certificate installed on the website server. When a visitor opens a website, the following sequence ensues:
- The browser requests identification from the web server.
- The server responds by sending a copy of its SSL.
- Then the browser checks if the SSL is in the list of trusted certificates.
- The browser asks the webserver to start an encrypted session if everything is in order.
However, if the browser detects a problem with the certificate or doesn’t trust it, it displays the NET::ERR_CERT_AUTHORITY_INVALID error message.
While at first glance, it seems like you landed on a dangerous website or you are under a hacker attack, that’s rarely the case. When there is a problem with the SSL certificate or your local device, this error can appear on any legitimate website, including yours.
Variations of the Error
Although the error is usually represented by the code NET::ERR_CERT_AUTHORITY_INVALID, other error codes indicate the same problem. They include:
- NET::ERR_CERT_INVALID
- NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
- SSL CERTIFICATE ERROR
- SEC_ERROR_UNKNOWN_ISSUER
- NET::ERR_CERT_DATE_INVALID
- NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
What “NET::ERR_CERT_AUTHORITY_INVALID” Looks Like in Different Browsers
The error page appears differently depending on the browser you are using. It will have a varying design, message, and even error code. We will look below at the most popular browsers.
“NET::ERR_CERT_AUTHORITY_INVALID” in Chrome
On Google Chrome, NET::ERR_CERT_AUTHORITY_INVALID comes with a plain error page. You will see a red warning sign, “Your connection is not private,” and the NET::ERR_CERT_AUTHORITY_INVALID code below.
Clicking on the Advanced button reveals more information about the potential risk. The browser informs you the certificate is not trusted but doesn’t give instructions on fixing the problem.
“NET::ERR_CERT_AUTHORITY_INVALID” in Firefox
Mozilla Firefox displays a yellow warning sign accompanied by the message “Warning: Potential Security Risk Ahead.” It informs you that there are issues with the site’s certificate chain, but “NET::ERR_CERT_AUTHORITY_INVALID” is nowhere to be seen.
Clicking the Advanced button expands the message, giving hints of what might be wrong. You can also see the error code, which in Firefox is usually SEC_ERROR_UNKNOWN_ISSUER.
Although the code might be different, it points out exactly the same issue as NET::ERR_CERT_AUTHORITY_INVALID.
“NET::ERR_CERT_AUTHORITY_INVALID” in Safari
Safari acknowledges the problem with the message “This Connection Is Not Private.” It warns you that the certificate is invalid and that someone might try to steal your information.
“NET::ERR_CERT_AUTHORITY_INVALID” in Edge
Microsoft Edge displays an error page similar to Chrome. It shows almost an identical warning sign and initial message. When you click Advanced, the browser explains what might have gone wrong and how it protects you by stopping the connection.
What Causes the “NET::ERR_CERT_AUTHORITY_INVALID” Error
The NET::ERR_CERT_AUTHORITY_INVALID error could originate from the website’s SSL certificate or the visitor’s local computer or network. Local problems affect only individual users, and there is actually no problem with the website itself. In contrast, problems with the website’s certificate affect all visitors.
Problems with your SSL Certificate
The primary cause of the NET::ERR_CERT_AUTHORITY_INVALID error is problems with the website’s certificate. The most common cases are:
- You are using a self-signed certificate – Self–signed certificates are helpful if you start a new website but haven’t picked a paid SSL certificate yet or if your hosting doesn’t provide a free option. However, a Certificate Authority (CA) does not validate them, so browsers don’t trust them. Hence, visitors will always get a warning when they visit websites using them.
- The certificate is issued by a Certificate Authority (CA) that browsers don’t trust – Browsers keep a list of trusted authorities. Your browser will produce the error if your CA is not present in the list.
- You haven’t installed an SSL certificate – You’ve configured your website to load with HTTPS protocol, but you haven’t installed an SSL certificate. In this case, the browser is forced to establish an HTTPS connection, but since the website is missing an SSL, an encrypted session can’t be started.
- The certificate is not configured correctly – The certificate is installed on your hosting server but not configured correctly. It may need to be linked properly to your website domain name, or the chain of intermediate certificates might need to be fixed.
- The SSL certificate has expired – Each certificate has an expiration date. The error will pop up if your SSL certificate is expired and not renewed.
Local Problems with your Browser, Network, or Operating System
Apart from certificate problems, local issues on a visitor’s device could also trigger a NET::ERR_CERT_AUTHORITY_INVALID error. The problems that could lead to the error are:
- Expired browser cache and cookies – Your browser may keep outdated cookies and cached files that could trigger the error.
- Outdated SSL state – Every Operating System (OS) keeps cached certificates for websites you have already visited. If the SSL certificate is changed and your OS keeps an older version, it could lead to NET::ERR_CERT_AUTHORITY_INVALID.
- Wrong date and time in your Operating System – If your OS uses the wrong time and date, it could mistakenly identify a valid certificate as expired.
- Outdated Operating System (OS) – Certificates undergo constant changes, and the OS systems must update their lists of trusted certificates. If your OS is too old, it may not recognize newly introduced certificate mechanisms.
- Outdated browser – Much like OS, browsers should also recognize certificates. Their lists of trusted certificates are usually updated with new browser versions. An outdated browser may not trust new certificates.
- Browser extensions – Some browser extensions could interfere with the connection to a website and produce the error NET::ERR_CERT_AUTHORITY_INVALID.
- VPN or Antivirus software restricting access to a website – Some security measures in VPN or antivirus software can conflict with a website and recognize it as suspicious.
- Temporary network connectivity issues
How to Check Your SSL Certificate
Before taking any corrective actions, you could check the website’s SSL status. If you are the website owner, that could save you a lot of time and help you focus on the exact solution to get back on track.
View the SSL certificate details in your browser
You can examine the details of the website’s certificate directly from your browser. For instance, when you get the error on Google Chrome, click on the red warning Not Secure in the address bar. In the menu that will pop up, select Certificate is not valid.
In the General tab, you can see the general information about the certificate’s owner, issuer, and encryption. The Details tab displays a breakdown of all certificate’s parameters.
View the SSL certificate details in an online checker
Many online SSL checkers can inspect your certificate and provide more comprehensive information. They can be quite handy in pinpointing the exact issue.
Such a tool is the SSL checker from SSL Shopper. After typing your website’s address, press the Check SSL button. The checker will present a full report of the certificate. If everything is marked in green, your SSL is set correctly. Pay attention to red or yellow warning signs as they point out problems with the SSL certificate.
Using the report’s information, you can focus on the particular issue with your certificate and take the appropriate action.
How to Fix the Error “NET::ERR_CERT_AUTHORITY_INVALID” as a Website Owner
If your website suffers the error and you’ve already determined it stems from the SSL certificate, a few actions can fix the problem – you’ll have to reinstall, renew or replace the certificate.
Below, you’ll find the detailed steps.
Install an SSL Certificate from a Trusted Certificate Authority (CA)
If you’ve forced your website to load with HTTPS but haven’t installed an SSL, the usual result is the NET::ERR_CERT_AUTHORITY_INVALID error.
Alternatively, you may have a working certificate, but if browsers don’t trust it, visitors will still see the error. That happens in the following cases:
- You use a self-signed SSL certificate with no Certificate Authority to confirm its validity.
- Your SSL certificate is issued by a Certificate Authority (CA) that browsers don’t trust.
The solution, in either case, is to install a new certificate from a well-known authority. SiteGround users can take advantage of the Let’s Encrypt SSL Installer, which lets them add a free SSL certificate with a few clicks. Let’s Encrypt is universally recognized and trusted by all major browsers and operating systems.
For more information, read this tutorial on how to add an SSL to your website.
If you prefer to install your own SSL certificate purchased from a third-party vendor, read this guide on how to install a third-party SSL.
Reinstall Your SSL Certificate
Your SSL might appear as valid when you look it up in your hosting panel, yet the website could still produce the NET::ERR_CERT_AUTHORITY_INVALID error. The certificate’s chain of trust may be broken, or one of the certificate’s keys might not be inserted correctly.
Another common case is installing an SSL certificate before your domain DNS is fully propagated. The website opens with the naked yourdomain.com name, but the address www.yourdomain.com produces the error.
That’s because the DNS record for yourdomain.com propagated to the Certificate Authority servers, and they could validate the name with the issued certificate. However, the DNS record for www.yourdomain.com had not propagated before the SSL was issued, and your website’s certificate doesn’t cover it.
Regardless of the particular reason, reinstalling the SSL should fix the problem.
Renew Your SSL Certificate
The SSL certificates have an expiration date as they are issued for a limited time frame. Once the SSL expires, it should be renewed or replaced with a new certificate. Otherwise, it becomes invalid, and your website produces the NET::ERR_CERT_AUTHORITY_INVALID error.
For example, Let’s Encrypt certificates expire every 90 days. SiteGround users don’t have to keep track of the expiration date since all Let’s Encrypt certificates installed with the SSL installer are automatically renewed.
If your hosting doesn’t provide an SSL auto-renewal system or, for some reason, your SSL hasn’t been renewed, renew your certificate from your hosting panel.
What Are the “NET::ERR_CERT_AUTHORITY_INVALID” Fixes as a Visitor
If you’ve established that the error doesn’t affect other visitors, you can conclude that it is a local issue on your end. Thus, you can take a few actions to fix the problem as a visitor.
Reload the Page
There might have been a temporary connectivity issue causing the error on your end. Try reloading the page to see if the problem persists.
In case the error is gone, you can safely assume it was a momentary issue.
Clear Your Browsing Data
Browsers store cached content and cookies to speed up web browsing. Although extremely useful, cache and cookies may become corrupted or keep expired information which could lead to the “NET::ERR_CERT_AUTHORITY_INVALID” error.
Clear your browser’s cached files and cookies and reload the page. If the page resolves properly now, you can conclude the issue was invalid browsing data for the website.
Read the following guides to find the exact process of clearing your browsing data depending on your device or browser.
- How to clear cache and cookies on desktop browsers
- Clear cache and cookies on Android
- How to clear cache and cookies on iPhone
Change Your Network
The error could appear when connected to a public network like in a library, airport, or cafe. You may see the error visiting some websites on this type of network since it is often unprotected and doesn’t transmit the data securely.
Office networks are also prone to the NET::ERR_CERT_AUTHORITY_INVALID error. In many cases, they restrict access to websites deemed unrelated to work. The error could manifest when you visit such a website.
Test visiting the website from your home or mobile network. If you are now able to get in, you can safely assume that the previous network caused the error.
Update Your Browser
The error NET::ERR_CERT_AUTHORITY_INVALID may appear on outdated browsers that don’t trust the SSL certificate of a website. The latest browser version should contain an up-to-date SSL certificate list. Thus, updating your browser could fix the error.
If you use Google Chrome, click on the kebab menu in the top right corner and select Settings.
On the next page, choose About Chrome, where you can see the current version of your browser. You will see either Chrome is up to date or Update Google Chrome. If an update is available, install it and check if the error is gone.
To check your Mozilla Firefox version, open the hamburger menu on the top right and choose Settings.
On the next page, select General, and scroll down to the section Firefox Updates. Press the Check for updates button to run a new check on your browser. You will see Firefox is up to date or an available update.
Update your Operating System
An older version of your Operating System (OS) could also cause the NET::ERR_CERT_AUTHORITY_INVALID error. The website’s SSL certificate might be updated, and the OS no longer trusts the certificate.
Thus, you’ll have to update your OS to the latest version to renew its list of trusted certificates.
Update macOS
You can follow the steps below to update your operating system if you get NET::ERR_CERT_AUTHORITY_INVALID on your Mac.
-
Step 1.Open the menu About This Mac
Open the Apple menu in the top left corner. From the drop-down menu, select About This Mac, which will open a new window.
-
Step 2.Check or update the macOS version
Choose Software Update from the Overview tab. Another window will appear, where you can see the Software Updates. Press the Upgrade Now button if there is an available macOS update.
Update Windows
If you are a Windows user, use the following steps to check or update your operating system.
-
Step 1.Open the menu Update & Security
Open Settings from the Windows menu in the lower left corner. On the new pop-up window, select Update & Security, where you can see the current Windows version.
-
Step 2.Check or update the Windows version
On the next screen, you will see the message “You’re up to date” if you use the latest version or an available update. You can do a manual check by pressing the Check for updates button. If there is a later version, update your Windows and test if the NET::ERR_CERT_AUTHORITY_INVALID error is gone.
Synchronize Your Computer’s Date and Time
Your operating system’s clock defines the time settings of your applications. If the clock is set incorrectly, your browser may perceive a valid SSL certificate as expired and produce the NET::ERR_CERT_AUTHORITY_INVALID error.
Therefore, adjusting the correct time in your OS could be an easy fix.
Synchronize the clock on macOS
To check your macOS time, open System Preferences from the Dock and select Date & Time.
Open the Date & Time tab and check the box for Set date and time automatically.
Follow this by opening the Time Zone tab and selecting the correct time zone for your location. Then, check the box for Set time zone automatically using current location. This lets your Mac determine the correct zone based on your geographic location. Keep in mind that in order to use this feature, you must have Location Services enabled.
Synchronize the clock on Windows
To check your Windows clock, open the Windows menu and select Settings. In the following pop-up window, open Time & Language.
You will open the Date & Time section, where you can adjust the time. Enable both options Set time automatically and Set time zone automatically to make Windows set the correct time for your location. Make sure that Location is turned on, so Windows can determine your location.
You can also press Sync now to force a new synchronization manually.
Disable Browser Extensions
Browser extensions are applications adding extra features to your browser. Undoubtedly, they are handy tools, but in rare cases, they can block the connection to some websites. These problems could lead to the NET::ERR_CERT_AUTHORITY_INVALID error. Try disabling your extensions to determine if one of them is the culprit.
Let’s take Google Chrome, for example. Open the kebab menu in the top right corner and select More Tools > Extensions.
Here, you can see all installed extensions. Each extension has an ON/OFF switch. Test disabling them one by one and opening the website. If an extension is causing the problem, you can open the website when deactivated.
Once you find the culprit, consider replacing it with an alternative or report the problem to its developers.
Turn Off Your VPN
A virtual private network (VPN) lets you change the geographic location of your computer and adds extra security layers for filtering traffic. However, these features could sometimes clash with a website’s SSL certificate and trigger the NET::ERR_CERT_AUTHORITY_INVALID error.
If you use a VPN service, disable it and test loading the problematic website again. Given that the error is gone, you can conclude that the VPN is somehow causing a conflict. Keep the VPN disabled when visiting certain websites, contact the VPN support team, or look for an alternative service.
Disable Your Antivirus Program
Antivirus programs are crucial to your online security, protecting you from various threats. But sometimes, they could flag harmless websites as dangerous and block the connection.
When it happens, you are very likely to see the NET::ERR_CERT_AUTHORITY_INVALID error. Disable your antivirus or firewall software and check if you can access the website.
It is a clear indication that it is causing the issue if you are now able to get in. You may need to whitelist the website’s address, contact the antivirus support team or look for alternative software.
Clear the SSL State
Although the entire SSL verification takes milliseconds, computers reduce the time further by keeping cached certificates of the websites you previously visited. However, if a website has renewed or replaced its certificate and your device keeps an outdated version, you will see the NET::ERR_CERT_AUTHORITY_INVALID error.
Therefore, you must delete the cached certificate so your computer can save an up-to-date version. Afterward, test opening the website again to check if the error persists.
Delete an SSL on mac OS
Your Mac stores the SSL certificates in the Keychain Access tool. You can open it from Finder > Go > Utilities > Keychain Access.
In the next window, you can see the stored certificates from the Certificates tab. Any untrusted or problematic certificate is marked with a red cross when selected. The certificate of the website you have trouble accessing might be one of them. Right-click on it and select Delete to remove the certificate.
Your computer should save the correct version the next time you visit the website.
Clear the SSL State on Windows 10 and Above
Windows users must clear the SSL state from the Control Panel. Start by clicking on the Windows menu in the lower left corner and type in the search bar “control panel.” Click on the Control Panel icon that will appear as the first result.
In the Control Panel menu, click on the Network and Internet icon.
Next, choose Internet Options, which will open a new pop-up screen.
Here, open the Content tab and press the button Clear SSL state. Your computer will wipe the data of all saved SSL certificates.
Summary
The NET::ERR_CERT_AUTHORITY_INVALID error can easily throw you off if you are unfamiliar with it. Browsers display huge warning signs and intimidating messages that suggest a serious threat.
However, in reality, there is no immediate danger, and the error is caused by local device issues or misconfigured certificates that you can quickly fix. This article helped you understand the nature of the problem, what causes it, and how to fix it. So next time you encounter it, you will confidently approach it, knowing how to deal with it.