Resolving ERR_CERT_AUTHORITY_INVALID in Chrome, Firefox, and More

While browsing the web, you might have come across the error “ERR_CERT_AUTHORITY_INVALID”. It is a common error encountered when visiting websites with Secure Sockets Layer (SSL) issues. If you are an owner of the website, an ERR_CERT_AUTHORITY_INVALID error can harm traffic and revenue, rendering the site inaccessible to visitors.

In simple words, your browser could not recognize the validity of your certificate. To keep you “safe” it displays this error, so you’re aware that there is something fishy going on.

In this post, we will understand what exactly the ERR_CERT_AUTHORITY_INVALID error is, the root causes of the error, and effective solutions to fix it. Let’s begin.

What is ERR_CERT_AUTHORITY_INVALID?

The “ERR_CERT_AUTHORITY_INVALID” error generally appears when your web browser detects a problem with the security certificate of a website you are trying to access. The security certificate is issued by a trusted certificate authority (CA) and is crucial for secure communication between your browser and the website. When your browser can not verify the certificate, it throws this error to protect you from potential security risks.

Primarily, there are three main root causes for the invalid certificate authority error. Let’s break down each of them.

Self-signed SSL Certificate: If you are using a self-signed certificate, it will save you money, but since the browsers can not verify its validity, your visitors may run into the error in question. Browser warnings can scare a lot of users away, so we recommend against this approach.

Expired SSL Certificate: If your website’s SSL certificate is expired, you may face issues. How long your certificate lasts can vary, but at some point, you will need to renew it or automate the renewal process.

SSL Certificate from Non-trusted Source: Same as a self-signed certificate, if the browser can not verify the authority that has generated your SSL certificate, you will see an error while browsing your domain.

Causes of ERR_CERT_AUTHORITY_INVALID

Now, you know what exactly the error “ERR_CERT_AUTHORITY_INVALID” is. Let’s understand the common cause of the error.

1) Expired SSL Certificate

When you purchase an SSL certificate, the signing authority issues the certificate for your domain for a specific period, generally 1 year. You will need to renew it when the certificate expires. If you forget to renew your certificate and if your website is running with the expired SSL certificate, you may encounter an “ERR_CERT_AUTHORITY_INVALID” error while browsing your website.

2) Misconfigured Certificate

Sometimes, a certificate may be misconfigured, containing incorrect or incomplete information. This could result from improper installation or settings.

For instance, due to a human error, you have entered an incorrect common name for your SSL certificate and may get an error while browsing your website. Suppose you have issued an SSL certificate for DOMAIN.COM and installed the same certificate for your sub-domain: ABC.DOMAIN.COM; you may experience the error while browsing your website. So, you need to issue the SSL certificate with the correct name of your domain.

3) Untrusted Certificate Authority

Your web browsers rely on a list of trusted certificate authorities to verify the authenticity of the SSL certificates. If an untrusted or unknown CA issues a website’s certificate, it will trigger the error.

Also, the hosting server in which your website is hosted doesn’t have a valid CA bundle installed on the server, you may encounter SSL errors while browsing the website.

4) Incorrect Date/Time

Incorrect system date and time settings can interfere with the certificate validation process. Incorrect date, time, or timezone can sometimes cause ERR_CERT_AUTHORITY_INVALID error while visiting your website. The SSL certificate issued to any website is for a specific time. If your system has an incorrect date or time, your browser will consider the SSL certificate invalid and will not let you browse the website.

5) Browser Cache

When you browse any website, your browser stores static data in cache memory. When you visit the same website again, it will load the unchanged data from the cache. So, if your browser has outdated or corrupted cache information, it can cause SSL certificate errors.

6) Firewall/Antivirus Issue

Having a good antivirus or firewall protecting your computer is crucial for web security. However, they may sometimes obstruct your access to certain websites by blocking their IPs or HTTPS connection. If the web server in which your website is hosted uses an outdated TLS/SSL protocol, your antivirus software may block access to it. In other words, overzealous security software can sometimes intercept secure connections and cause certificate validation issues.

How to Resolve ERR_CERT_AUTHORITY_INVALID

We now know what exactly the error “ERR_CERT_AUTHORITY_INVALID” is, and its possible causes. So, are you ready to check out the solutions to fix it? Let’s explore.

1) Try Reloading the Page

In many cases, it happens that the error “ERR_CERT_AUTHORITY_INVALID” is temporary and it disappears when you reload the page. It only takes a second to do so, so it doesn’t hurt to try.

If the error still exists after multiple reloads, you can also try accessing the website using “Incognito Mode” if your browser offers that option. The option is also called “Private Window”.

If the website loads fine in incognito mode, that means the error is likely caused by your browser attempting to load an outdated cached version of the page. That gives you enough information to tackle the problem directly. To fix the browser cache issue, refer to the next solution in this guide.

2) Try Different Browser

You may find it crazy. Why should you leave your favorite browser and use a different one? Well, you should check the same website in another browser to see if it is working fine.

If the same website works fine in any other browser, it is clear that the issue you are getting is with the browser you are using. You can apply the various solutions mentioned below to fix the issue with your browser.

3) Clear Browser’s Cache

If browsing the website in a private window worked, the issue is probably related to your browser’s cache. Modern web browsers store SSL certificates in a cache, much like other data. It means they don’t have to verify the certificate every time you visit a website, which speeds up the browsing. However, if the website’s SSL certificate changes and the browser is still loading the older one, it can cause the “ERR_CERT_AUTHORITY_INVALID” error.

You should remove the browser cache, restart the browser, and try accessing the website again.

In most browsers, you can press CTRL + SHIFT + DELETE buttons to open Cache and Cookie settings. Select “Everything” in the Time Range and select Cache. Ensure you do not remove other important data while clearing the cache.

4) Update Your Browser

Outdated browsers and OS are the most common causes of SSL errors. You should never use outdated OS or browsers. Some older browsers and OS do not support the latest SSL/TLS protocols. Hence you may encounter SSL errors while browsing websites with HTTPS.

Check for updates on both the browser and the OS you are using. Install updates immediately to ensure the security of your system if there are pending updates.

In most of the browsers go to Help ⇒ About. You will find the version information. If there is an update available, you will see it there. It will also allow you to update your browser to the latest available version.

5) Try Using a Different Network

In some cases, the “ERR_CERT_AUTHORITY_INVALID” error pops up when you are using a public network, such as the ones you can find in common public places. These networks often do not route traffic securely, which can trigger the error.

If you are using a public network for your system, we recommend trying to access your website through your smartphone using its mobile data. Your goal here is to determine whether the original network was causing the problem.

If the error disappears when you are using mobile data, then you know you need to switch networks. Another option to protect your privacy if you regularly use public internet access is to sign up for a Virtual Private Network (VPN).

A good VPN service will help protect your data even if you are using an unsecured point of access. You will need to pay if you want to use a quality VPN service, but the expense is well worth it if you are always on the move.

6) Run an SSL Server Test

If you have recently installed an SSL certificate for your website, there might be an issue with the setup process. It generally happens when you install the certificate manually instead of using a web hosting control panel.

Don’t worry. You can easily test the health of your SSL certificate with any online tool such as; SSL Labs. It will give you the detailed information about your SSL free of cost.

Once you run the SSL report in SSL Labs, their system will check the status of the SSL certificate on your website. When you get A or A+ score, generally there should be no issue with the certificate. If there is any issue with the certificate, their report will tell you.

In case your SSL certificate is not valid, or is expired, or if it is not trusted, you will need to collect the valid certificate and reinstall it for your website. Once you have done it, re-run the SSL test.

7) Renew Your SSL Certificate

Most of the SSL certificates are valid for a specific period. So, you will have to renew it when it is due. The renewal process verifies your domain’s identity, and without it, certificates would lose some of their validity.

Also, if you use Let’s Encrypt SSL from Certbot, you can set it to renew automatically.

If you have purchased any other SSL certificate from your hosting provider or some other SSL provider, you will have to follow the renewal process. After renewing the SSL certificate, browse the website again.

8) Correct System Date/Time

SSL certificate validity is a crucial element in the SSL authentication process. Before accessing a website, the browser will check the SSL certificate’s signed and expiry dates using the system’s date and time settings.

If they are wrong, it may appear the certificate is no longer valid. Thus, adjusting the settings is one of the most effective ways for site visitors to fix the SSL error.

Simply click on the Date and Time settings of your system and correct them.

9) Disable Your Firewall or Antivirus Software

Firewalls and Antivirus tools are crucial to safeguard your system against various issues, including malware. But, if you are still facing the “ERR_CERT_AUTHORITY_INVALID” error after performing the above fixes, try disabling Firewall/Antivirus software temporarily.

If you can browse the website after turning off the firewall/antivirus, you can be sure they are the culprit.

Once you have found the root cause, you need to find which exact rule in the firewall/antivirus is blocking your access to the website and fix it.

10) Wipe Your Computer’s SSL State

Your computer keeps cached copies of certificates from websites you visit temporarily, so it doesn’t have to run through the entire verification process each time you access them.

Same as your browser cache, you can wipe your system’s SSL state when you run into invalid certificate authority errors.

If you are using a Windows system, search for “Internet Options” from the Windows search box. Go to the Content tab and click on “Clear SSL State”. Now, try reloading the page.

Conclusion

The error “ERR_CERT_AUTHORITY_INVALID” can take some time to troubleshoot if you are unable to find the exact root cause of it. Also, if your visitors are seeing it as well, it will harm your reputation and business. But, we have mentioned the quick fixes that you can apply by yourself easily. If you still face any issues, feel free to contact us.