NET::ERR_CERT_AUTHORITY_INVALID? Easy Fixes That Work

Just imagine: you are trying to log in to a website, and suddenly a massive warning pops up on your screen—NET::ERR_CERT_AUTHORITY_INVALID. Most people would simply close that tab and move on. But what if this were your own website, displaying this exact error to every single visitor?

This error indicates that your browser is unable to verify the SSL certificate of the site you are visiting. While this may appear alarming, in most cases, it can be completely resolved. This guide covers every potential cause and solution—whether you are a visitor or the site owner.

Quick Checks — Try These First

Reload the page — sometimes a simple refresh fixes a temporary glitch.

Check your system’s date and time — if the date/time is incorrect, certificate validation fails immediately.

Open the site in Incognito mode — this eliminates the possibility of a corrupted browser cache.

Try another browser — this will reveal whether the issue is specific to Chrome or not.

Disable your VPN or antivirus temporary — they may block the SSL connection.

Try a different network — Public Wi-Fi hotspots block SSL verification until you sign in.

What is NET::ERR_CERT_AUTHORITY_INVALID Error?

NET::ERR_CERT_AUTHORITY_INVALID is a browser security error that appears when your browser is unable to trust or verify a website's SSL certificate. This certificate either originates from an untrusted source, has expired, or is 'self-signed'—consequently, the browser blocks the connection to safeguard your security.

Every website using HTTPS requires an SSL certificate issued by a trusted Certificate Authority (CA). When your browser is unable to verify this chain of trust, it displays this error rather than allowing you to connect insecurely.

You may also see this as ERR_CERT_AUTHORITY_INVALID, SEC_ERROR_UNKNOWN_ISSUER (Firefox), or NET::ERR_CERT_COMMON_NAME_INVALID—all of which point to the same underlying issue.

Why Does This Happen?

• The website is using a self-signed certificate — browsers do not trust certificates that you create yourself.
• The SSL certificate has expired — certificates have a validity period and must be renewed.
• Intermediate certificates are missing from the site — a broken trust chain confuses the browser.
• Your system clock is incorrect — due to the incorrect date, even valid certificates appear to have expired.
• Your browser’s cache is corrupted — old and stale certificate data is causing incorrect errors.
• A VPN or antivirus is intercepting your HTTPS connection and replacing its certificate.
• You are on a public Wi-Fi portal — the hotspot blocks HTTPS until you sign in.
• This certificate was issued by an untrusted authority that major browsers do not recognize.

Step By Step Fixes For NET::ERR_CERT_AUTHORITY_INVALID

1. Sync Your System Date and Time

An incorrect system clock is the biggest hidden cause of this error. Browsers use your device’s clock to verify whether a certificate is valid or has expired.

• On Windows: Right-click the clock → Adjust date/time → turn on Set time automatically.
• On Mac: Go to System Settings → General → Date & Time → enable Set automatically.
• Reload the page and check if the error is gone.

2. Clear Browser Cache and Cookies

Corrupt cache files can force your browser to reject a completely valid SSL certificate.

• In Chrome: Click the three-dot menu → Settings → Privacy and security → Clear browsing data.
• Select Cached images and files and Cookies → click Clear data.
• Restart Chrome and revisit the site.

3. Clear the SSL State on Windows

Windows stores SSL session data separately from Chrome’s cache. Clearing it removes old certificate information.

• Open the Start menu → search for Internet Options → open it.
• Go to the Content tab → click Clear SSL state.
• Click OK → restart Chrome.

4. Update Your Browser

Older browsers do not recognize new Certificate Authorities. An update can fix this immediately.

• In Chrome: Click three dots → Help → About Google Chrome.
• Chrome will check for updates automatically and prompt you to relaunch.

5. Disable VPN, Antivirus, or Firewall Temporarily

Some security tools intercept HTTPS connections and replace the site’s certificate with their own—which browsers reject.

• Temporarily turn off your VPN and/or antivirus software.
• Reload the page to check if the error disappears.
• If it does, whitelist the site in your security software settings.

⚠ Warning: Only disable your antivirus briefly for testing. Re-enable it right after.

6. Disable Problematic Browser Extensions

Ad blockers, proxy extensions, or privacy tools can interfere with the verification of SSL certificates.

• Open Chrome in Incognito mode (extensions are off by default).
• If the site loads fine, go to chrome://extensions and disable extensions one by one.
• Toggle all extensions off at once and reload the site.
• If it loads—then, to identify the culprit, restart them one by one.

7. Sign In to the Wi-Fi Portal

Public Wi-Fi networks found in cafes, airports, or hotels block HTTPS until you accept their login page. This results in a false SSL error.

• Open a non-HTTPS site like http://example.com to trigger the portal login page.
• Complete the sign-in or accept the terms.
• Return to the original site — it should load normally now.

8. Renew or Replace the SSL Certificate 

If this website belongs to you, the most likely reason is an expired or self-signed SSL certificate. Obtain a new certificate from a trusted CA.

• Log in to your hosting control panel (cPanel, Plesk, etc.).
• Navigate to SSL/TLS settings and check the certificate expiry date.
• If expired, request a renewal. Many hosts offer free SSL via Let’s Encrypt.
• If self-signed, replace it with a certificate from a trusted CA like Let’s Encrypt or Comodo.

⚠ Self-signed certificates are fine for local development — but never use them on a public site.

9. Install Intermediate Certificates 

If the intermediate certificate chain is missing from your server configuration, this error may occur even if you have a valid SSL certificate.

• Get the intermediate certificate bundle from your SSL provider (usually a .ca-bundle file).
• In cPanel: Go to SSL/TLS → Manage SSL Sites and paste the bundle into the CA Bundle field.
• Save and restart your web server.

10. Enable Auto-Renewal for SSL Certificates 

Certificates expire without any prior notice. Enabling auto-renewal ensures that this error never appears on your site due to an expired certificate.

• In cPanel or your hosting dashboard, find the SSL settings.
• Enable Auto-renew for your SSL certificate.
• Set a reminder 30 days before expiry as a backup alert.

How to Prevent This Error

• Always get SSL certificates from a trusted Certificate Authority (e.g., Let’s Encrypt, DigiCert, Comodo).
• Enable auto-renewal on your hosting panel — never let a certificate expire.
• Always install the full certificate chain including intermediate certificates
• Keep your browser updated to support the latest CA bundles.
• Monitor your SSL certificate with free tools like SSL Labs every few months.
• Avoid using self-signed certificates on public websites — use them only locally.

Best Practices

Use SSL Labs' free SSL checker (ssllabs.com/ssltest) to instantly audit your certificate chain, expiry date, and trust status. It shows exactly what your browser sees.

If you're a developer testing locally with a self-signed cert, type thisisunsafe directly on the Chrome error page (no input box needed) to bypass the warning for local testing only.

Set up uptime monitoring with certificate expiry alerts using tools like UptimeRobot or Better Uptime — they notify you weeks before a certificate expires, not after visitors see the error.

Frequently Asked Questions