fb-pixel
Logo Supporthost

How to solve ERR_CERT_AUTHORITY_INVALID error

June 23, 2022 / Published in:  from Ivan Messina
No comments

If you have a website and even if you have installed the SSL certificate, it is possible that your users will run into the ERR_CERT_AUTHORITY_INVALID error.

This problem is also known as an invalid certificate authority error, this occurs when the browser used by the user visiting the website does not recognize the SSL certificate as a valid certificate.

In the following article, How to solve the ERR_CERT_AUTHORITY_INVALID error, we will see what an SSL certificate is and what causes the error.

After seeing the reasons for the error, we will look at possible solutions to solve it.

What is an SSL certificate

The SSL certificate is part of a network protocol for securing communications between the client (i.e., the browser) and the server on which the Web site is hosted.

This certificate specifically ensures that website navigation is encrypted and that connections are established through a secure connection.

Therefore, whenever a user browses a website that has an SSL certificate, they are browsing a secure site that protects their personal information, data, and credit card information.

This makes it possible to ensure that any customer or user data is secure and cannot be intercepted by unauthorized persons or individuals.

If the browser fails to verify that the site's SSL certificate is valid, it may display a warning with the ERR_CERT_AUTHORITY_INVALID error. This notice is intended to inform you that the site does not use a secure or private connection.

How is the SSL certificate obtained?

Nowadays, the SSL certificate comes with hosting. Each provider provides its potential customers with a number of different packages for purchasing hosting or servers, all of which now generally come with an SSL Certificate included.

If you have recently adopted the secure protocol, going from http to https, you need to generate the SSL certificate.

All of our hosting plans include the SSL certificate which is activated automatically. If, however, you need to install the SSL certificate before automatic activation, you can follow our tutorial on how to install the SSL certificate for free and check its status.

Now that we have seen how to get an SSL certificate, let's see what the ERR_CERT_AUTHORITY_INVALID error looks like.

What is the ERR_CERT_AUTHORITY_INVALID error?

As you may have already understood by now, the ERR_CERT_AUTHORITY_INVALID error occurs when the browser cannot recognize the validity of your SSL certificate.

The reasons why this error occurs can be different, but in general we can point to three main issues.

The SSL certificate is self-signed.

If the certificate you are using is self-signed, browsers will not be able to check its validity. This means that they will treat it as non valid SSL certificate and will display an ERR_CERT_AUTHORITY_INVALID error warning the users trying to access your site.

Many users at the sight of this warning message choose to turn away from the site and seek the desired information or product elsewhere. This can, therefore, represent an economic loss.

The certificate has expired

You can check the expiration of the certificate from the browser. You just click on the icon shaped like a padlock, an i, or a triangle in case an error appears on the site and then click on Certificate. You will then be able to see the expiration indicated in the "Valid from xx/xx/xxx to" section.

Chrome Certificate Expired Or Not Yet Valid

SSL certificates have a limited and variable duration, when they expire they must be renewed to prevent them from becoming invalid. As we will see later, there are also cases where renewal occurs automatically because it is completely managed by the provider.

The certificate is not trusted

The certificate you have chosen to purchase comes from an untrusted source, so the browser cannot verify the authenticity of who generated the certificate and the error will appear. SSL certificates must, in fact, be issued by an authorized body (Certification Authority).

What actually happens in these cases?

This is what happens when an issue of the kind we have just seen has occurred.

The user clicks on the desired search result (your website listed in the search engine SERP) and the loading of the site is interrupted by presenting an error page.

The web page will report the ERR_CERT_AUTHORITY_INVALID error and ask the user if he/she intends to continue browsing the site even though it is not secure or if he/she wants to abandon it instead.

The user doesn't even have time to see your Web site if they don't first agree that they want to continue. This type of error makes it, in fact, unable to reach site and, in most cases, the user abandons the website and moves on to another one that is more secure and reliable.

This is because nowadays online security is prioritized, so when faced with an issue that manifests an error and informs us that we are entering an unsafe site, we prefer not to risk it and abandon it.

This is a huge problem because it will inevitably hurt you. From an economic point of view, if you have an online sales site for products or services, you will see your sales inevitably drop.

At the same time, however, with more and more users abandoning your website and the number of visits dropping, the search engine will tend to penalize you by negatively changing your position within the SERP.

That's why, should your site experience a similar issue, it's a good idea to take immediate action.

Variants of the ERR_CERT_AUTHORITY_INVALID error

Depending on the browser we are using, the ERR_CERT_AUTHORITY_INVALID error can occur in several variations.

Let's see what kind of alerts the different browsers show us.

Google Chrome

Google Chrome is definitely the most widely used browser in the world. When encountering an ERR_CERT_AUTHORITY_INVALID error with this browser, the warning web page will inform the user that the connection is not private.

Chrome Err Cert Authority Invalid Selfsigned Certificate

The site is not blocked altogether, but the user is left with the choice of whether to access it or not. Obviously by accessing the site the user takes the risk and responsibility of browsing an unprotected site.

We need to get into the mindset that entering an unsecured site puts us at risk, because any malicious parties may try to steal data, for example personal information or credit card details. But also passwords, pins or usernames to access personal profiles, banking and so on.

Google Chrome can detect several variants of the ERR_CERT_AUTHORITY_INVALID error, here are te following:

  • NET::ERR_CERT_AUTHORITY_INVALID.
  • NET::ERR_CERT_COMMON_NAME_INVALID
  • NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
  • NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
  • ERR-CERTIFICATE TRANSPARENCY REQUIRED.
  • NET::ERR_CERT_DATE_INVALID
  • SSL CERTIFICATE ERROR.

All of these errors are at the root of issues encountered with the SSL certificate.

Mozilla Firefox

Mozilla Firefox goes into more detail and in addition to warning you of the security risks you may run into on the site, it offers an extended message explaining what may happen. Here is the message it presents:

Mozilla Firefox Err Cert Authority Invalid

In this case Firefox does not include a specific code, but may in some cases report one of the following statements:

  • SEC_ERROR_UNKNOWN_ISSUER
  • SSL_ERROR_RX_MALFORMED_HANDSHAKE
  • MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
  • SEC_ERROR_REUSED_ISSUER_AND_SERIAL

Microsoft Edge

Here is the error code that Microsoft Edge will show you: ERR_CERT_AUTHORITY_INVALID.

Microsoft Edge Err Cert Authority Invalid

As with Chrome, even on Microsoft Edge we can run into some variants of this code, here are the most frequent ones:

  • DLG_FLAGS_SEC_CERTDATE_INVALID
  • DLG_FLAGS_INVALID_CA
  • DLG_FLAGS_SEC_CERT_CN_INVALID
  • ERR_CERT_COMMON_NAME_INVALID
  • ERROR CODE: 0.

Opera

On Opera the ERR_CERT_AUTHORITY_INVALID error is very similar to what appears on Google Chrome. The browser reports the error code and warns us that "the connection is not reserved."

Opera Err Cert Authority Invalid

Other variations of the error on this browser include the following:

  • NET::ERR_CERT_AUTHORITY_INVALID
  • NET::ERR_CERT_INVALID
  • NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
  • SSL certificate error.

Safari

On Safari the error occurs in the variant "This connection is not private." Again, the browser alerts us by telling us that:

"This website may impersonate (domain of the website in question) to steal your personal or financial information. You should return to the previous page."

Safari This Connection Is Not Private

If we view the details of the error, the browser can provide us with more detailed information about the problem, for example by warning us that the site's certificate has expired or is invalid, as in this example below.

Safari Err Cert Authority Invalid

To get more details, again we can view the certificate directly from the browser. This way we can figure out what is causing the error. In this specific case that I show you below, the site uses a self-signed certificate.

Safari Self Signed Certificate

How to solve ERR_CERT_AUTHORITY_INVALID error

Now that we know what an ERR_CERT_AUTHORITY_INVALID error is, what issues we can run into, and how the error is shown to us on different browsers, it's time to find out how we can solve this problem.

As we will see, there are several possible solutions to solve the ERR_CERT_AUTHORITY_INVALID error. Therefore, in the next paragraphs, let's go over the details on how to deal with the different issues.

Check the validity of the SSL certificate

If the message appears after installing our SSL certificate, it is important to verify that the installation was done correctly.

During the installation process mistakes are bound to happen and you might not notice them right away. This happens especially when you choose to install the certificate manually.

There is a testing tool that will allow you to run a test and verify that the installation was done correctly. You can find several platforms that offer you this possibility online, for example Qualys SSL Labs offers a free verification tool.

The test you are going to run will allow you to see what problem has occurred. These tests will also allow you to see whether or not your SSL certificate is trusted.

Ssl Test Selfsigned Certificate

In this example, the tool helps us identify the cause of the error, which is a self-signed certificate.

If the test shows that there are errors, then you can follow the suggestions shown to solve them. For example, if there are problems about the trustworthiness of the certificate, you will need to install one issued by a trusted entity.

Choose to purchase an authoritative certificate.

Today it is possible to obtain authoritative certificates without any problem so there is no point in using a self-signed certificate that will make visitors to your site come across the error ERR_CERT_AUTHORITY_INVALID.

In case you do not want to incur a financial expense, you can get free certificates from Let's Encrypt. This service provider is considered reliable by all browsers, so you will not encounter any problems with its certificates.

This solution is ideal in many cases, and to get your free certificate all you have to do is log on to the Let's Encrypt Homepage.

On the other hand, it is not ideal when you want to create an ecommerce site that either deal with products or info-products or services. In this case it is, in fact, more suitable to use premium SSL certificates, which are always paid for.

This choice will allow you to provide your customers with more security when purchasing on your website. In this case, always remember to purchase SSL certificates from a valid authority recognized by browsers, so that you do not run into the ERR_CERT_AUTHORITY_INVALID error.

Those who opt for the free version and get it directly from the Let's Encrypt site, should remember that since it is a free product it has a quick expiration date and you will therefore need to remember to update it.

With all of our plans starting from shared hostong, WordPress hosting, semidedicated hosting up to dedicated services such as VPS cloud hosting and dedicated server, we provide a free SSL certificate (Let's Encrypt).

If you use our services, SSL certificate installation and activation is done automatically. SSL certificate renewal is also automatic, so you won't have to worry about renewing it when it expires.

Renew your SSL certificate.

We mentioned that another frequent issue is, to be faced with an expired certificate; for security reasons, every certificate must be renewed at a specific cadence.

This speed of expiration is additional protection for you and your users-for example, free certificates tend to expire every 90 days or so, while paid options far exceed this time frame.

Unless we have automated everything, we will have to remember to renew the various certificates otherwise users trying to access our site will run into the ERR_CERT_AUTHORITY_INVALID error message.

The procedure for renewal varies depending on where you purchased the certificate and then by host. Many hosts do not allow you to access the renewal settings for the various SSL certificates, while others allow you to renew them even before they expire.

In our case, as we said before, the renewal of Let's Encrypt SSL certificate is done automatically.

How does your host work? Inform yourself during the purchase on how you should deal with the various renewals, whether they will be done automatically or you will have to do them yourself.

If your site encounters the ERR_CERT_AUTHORITY_INVALID error and the problem is the expired certificate, just renew it and make sure the warning no longer appears.

Loading errors

Often the ERR_CERT_AUTHORITY_INVALID error appears due to an error in page loading that may also be related to a connection issue.

In these cases the problem is momentary, in fact, you will only have to reload the page to see that the warning is no longer there.

That is why before you panic at the ERR_CERT_AUTHORITY_INVALID error, it is good to run some tests and really understand what the problem is.

Cache problems

To check whether the problem is related to your browser cache, simply access your site by taking advantage of incognito mode in Google Chrome or another browser.

If this way the warning is gone, then it means that the problem is caused by your browser cache loading an older and outdated version of your website.

To solve the problem in this case you just need to clear the browser cache. Let's see how you can clear your cache based on the browser you are using.

How to clear cache from Google Chrome

After opening Google Chrome, you will find an icon with three dots (⁝) in the upper right corner. Click the icon and you will see that a drop-down will open. From the menu click the Other Tools item and you will see a sub-menu open where you have to click the Delete browsing data item.

After that, select the data you want to delete. For example, you can delete cached files and cookies, but keep history and passwords.

Chrome Clear Browsing Data

After you click Clear Data, your cache will be wiped clean and you can return to browsing safely.

How to clear cache from Mozilla Firefox

For Mozilla Firefox, you need to open your browser and click on the menu in the upper right corner. Here select the history item and then Clear Recent History.

Mozilla Firefox Clear Cache

After a few minutes your browser will be back to browsing properly.

How to clear cache from Internet Explorer

In order to clear the cache from Internet Explorer you will have to click on the top right gear icon (tools menu).

In the menu that opens select the Security item, a submenu will open and you will have to click on Delete Browsing History.

Internet Explorer Delete Browsercache

How to clear cache from Safari

On Safari, by opening the browser, you will be able to click on the top menu the History item.

Safari Histhory

At this point in the new window you will have to click on Clear History.

Fix Err Cert Authority Invalid Safari Clear Hishory Data

After that you just choose the period, choosing all history will erase all of Safari's history both recent and past.

Safari Clear Histhory Data

However, if you want to clear only the cache and cookies then you can opt for another option, here's what you need to do: enable the Development menu by going to preferences and clicking Advanced.

Safari Enable Develop Menu

After that you can click on the Empty Cache item from the Development menu.

Safari Empty Caches

If, on the other hand, you want to delete all cookies from a single site, you can go to Settings -> Privacy and click on Manage Website Data.

Safari Manage Website Data

After that you can delete the cookies you see listed.

Safari Delete All Cookies

How to clear the cache from Opera

Open Opera, click the icon in the upper left-hand corner and a menu will open. Among the various items you will have to select History and then Delete Browsing Data.

Opera will ask you to select the data you want to delete, then you should check only the Cached images and files box and click Delete data.

Fix Err Cert Authority Invalid Opera Clear Cache

How to clear cache from Microsoft Edge

For Microsoft Edge you will need to click on the 3 dots icon in the upper right corner. Click on the Settings heading and search for "clear browsing data" in the search bar. Then click on Choose what to delete.

To only clear the cache you will need to check the box next to Cached images and files, as seen below.

Microsoft Edge Clear Cache

Missing synchronization of the PC Clock.

Another problem that can cause the ERR_CERT_AUTHORITY_INVALID error is that the PC clock is not synchronized, so your PC is marking the wrong date and time or only one of the two.

It may sound silly, but actually if your PC clock is not set correctly it can interfere with your browser and thus generate various errors.

Fortunately, everything can be solved in a few minutes; in fact, you only need to set the correct time and date on your PC to fix the error.

Then make sure you enter the correct date and time and reload the web page. If the error depended on the clock settings, you will see that the alert will no longer appear.

Let's see how to set the clock according to your operating system.

Windows

On Windows you can change the settings by clicking on the clock that appears in the taskbar. Right-click on the time and then click on Adjust Date/Time.

Windows 10 Adjust Date And Time

After opening the settings you can set the date and time to update automatically. You just need to enable the Set time automatically option as you see shown below.

Windows 10 Set Time Automatically

MAC

If you have a macOS operating system, let's see what is the procedure by which you can change your date and time and resolve issues related to the ERR_CERT_AUTHORITY_INVALID error.

Firstly, you will need to open System Preferences from the Apple menu.

Mac System Preferences

After that click on Date and Time.

Mac System Preferences Date E Time Settings

You will then need to check the option set date and time automatically.

Mac Set Time Zone Automatically

Make sure the time zone is also correct. If the problem was the time or date was not synchronized, the error will be fixed.

Change the network

If you are using a public network, then it is possible that the error message will appear because of this. Public networks are those that we find in common areas that are open to the public such as parks, cafes, bars or hotels.

These networks have very high traffic and are not always secure, which is why you may encounter the ERR_CERT_AUTHORITY_INVALID error. To check if this is really the problem you just need to access the website using another network.

You can, for example, take advantage of your mobile network, so you have two options either try to access the website using your smartphone or you can share the mobile connection with your computer via tethering.

If this way the error does not occur, then you only need to use a different network than the one you were using.

If you often work in public places and take advantage of public wi-fi networks, one way to protect yourself is to rely on the virtual private network known by the acronym VPN.

This network allows every user to browse in total security, of course it is not a public network but a private network and is chargeable.

Online you can also come across free VPNs but they do not perform well, so if you want to explore this option, it is best to purchase a good service. VPN allows you to protect all your data even if you have taken advantage of an unsecured access point.

Disable the VPN or antivirus.

If you are already using a VPN it is possible that the ERR_CERT_AUTHORITY_INVALID error code is due to it, so the option is to try temporarily disabling it.

Antivirus may also be the cause of the appearance of the error because it recognizes the site as invalid. In the case of both VPN and antivirus, it is good to do a test run.

The test is to disable the service and see if the website is working properly, if yes then the problem is one of the two services. Try reactivating one at a time, if you use both, to see which one is generated by which one.

Once the service causing the error is identified, the solution is to contact the support team and request assistance or try clearing the cache and reloading the page.

Remove SSL status from PC.

Your PC tends to keep a cached copy of the various SSL certificates of the websites you have visited for a short time, this is to achieve better browsing results and not have to re-run the whole identification procedure each time.

You can try clearing the computer's SSL status to try to resolve the ERR_CERT_AUTHORITY_INVALID error. To do so you will need to change some settings. This procedure can also help you resolve other errors such as err_ssl_version_or_cipher_mismatch error. Let's see how to do it in the next paragraphs.

Windows

On Windows open the Control Panel and click on Internet Options. Then enter the contents tab and click on Clear SSL State.

Fix Err Cert Authority Invalid Windows Clear Ssl State

Now all you have to do is verify that the problem has disappeared, then go back to the site and reload the page.

MAC

If you're using macOS you'll have to go and delete the certificate directly in the Mac's keychain. So click on the Finder icon and select GO, then select Utilities and from the submenu select Keychain Access.

Mac Keychain Access

Now that you are inside the keychain, you have the ability to take action and delete what you are interested in, this solution proves useful when in the past we have agreed to access a website that had an invalid certificate.

So our operating system has registered this option in this section and allows us to change the settings by deleting that certificate.

Now we must therefore select category and finally certificates. All certificates that show a red X are unreliable so you can delete them by selecting Edit at the top of the screen and finally Delete them.

Conclusion

In this article, How to solve the ERR_CERT_AUTHORITY_INVALID error, we have taken you through the ERR_CERT_AUTHORITY_INVALID error that is particularly common and easy to run into.

We have seen what the error looks like on different browsers and what are its possible variants.

We've explained what an SSL certificate is, how to purchase it, and which ones are most suitable based on the site. And finally we saw what are the reasons that cause the ERR_CERT_AUTHORITY_INVALID error and how you can solve them, one by one.

Were you able to resolve the error? What was the cause in your case? Let me know in the comments below.

author image

Ivan Messina

Founder of SupportHost. With over 10 years of experience in web hosting, he works every day to improve the service and pays attention to each and every customer.

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.