Certificate has been revoked

What it means

Certificates can be cancelled before they expire. When that happens, the issuing CA publishes the revocation, and browsers that check it will block the certificate with ERR_CERT_REVOKED. Revocation is a deliberate act, usually because the private key was exposed, the certificate was issued in error, or the domain changed hands. A revoked certificate can't be un-revoked; the site needs a fresh one.

When it happens

You'll hit this if a key was compromised and the cert was revoked in response, if the CA revoked it for a policy or mis-issuance reason, or if an old certificate was deliberately killed during a security incident and is somehow still being served. It can also surface briefly during a sloppy migration where the revoked cert wasn't swapped out everywhere.

How to fix it

1. 1Treat a revocation as a security event first: if the private key may have leaked, rotate it and investigate before anything else.
2. 2Request a brand-new certificate with a new key pair from your CA, then install it on every server and endpoint that was serving the old one.
3. 3Remove the revoked certificate completely so nothing falls back to it, including CDNs and load balancers.
4. 4Verify the live certificate after deployment to make sure the revoked one is gone from every path.