SSL & certificate errors
When a browser refuses to load a site over HTTPS, it throws one of these cryptic error strings. Most of them come down to a handful of causes: an expired certificate, a name that doesn’t match, a broken trust chain, or a clock set to the wrong day. Below is each common error in plain English, with what it means and how to clear it.
NET::ERR_CERT_DATE_INVALIDThe certificate's validity dates don't line up with the current time, usually because it expired or the device clock is wrong.
NET::ERR_CERT_AUTHORITY_INVALIDThe browser can't trace the certificate back to a trusted authority, which is what happens with self-signed certs or a missing intermediate.
NET::ERR_CERT_COMMON_NAME_INVALIDThe hostname you visited isn't covered by the certificate's names, so the browser treats it as the wrong certificate.
ERR_SSL_PROTOCOL_ERRORThe TLS handshake fell apart before a secure connection could form, often from a protocol mismatch or a broken server config.
ERR_SSL_VERSION_OR_CIPHER_MISMATCHThe browser and server share no common TLS version or cipher suite, so they can't agree on how to encrypt the connection.
ERR_CERT_REVOKEDThe certificate authority pulled this certificate back before its expiry date, so the browser refuses to trust it.
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIREDThe certificate isn't backed by the public Certificate Transparency logs the browser now requires.
ERR_CERT_WEAK_SIGNATURE_ALGORITHMThe certificate was signed with an algorithm now considered too weak to trust, such as SHA-1.
SEC_ERROR_EXPIRED_CERTIFICATEFirefox's way of saying the certificate is past its expiry date or the system clock is wrong.
SSL_ERROR_BAD_CERT_DOMAINFirefox's name-mismatch error: the certificate doesn't cover the hostname you're visiting.
Check a site’s SSL certificate
Paste a domain and Sitewell inspects its certificate: expiry date, the hostnames it covers, the chain, and the issuer. Free, no signup.