Certificate date is invalid

What it means

Every TLS certificate has a start date and an end date. The browser checks the current time against that window, and if today falls outside it, the connection is refused with NET::ERR_CERT_DATE_INVALID. There are two ways to land outside the window: the certificate genuinely expired (its end date is in the past), or the device thinks it is a different day than it really is, so even a perfectly valid certificate looks expired or not-yet-valid.

When it happens

The most common cause is an expired certificate that nobody renewed in time. Auto-renewal can fail silently, a reminder gets missed, or a manual cert lapses over a weekend. The second most common cause sits on the visitor's side: a laptop with a dead CMOS battery, a phone that reset to 1970, or a machine whose clock drifted by days. If only one device sees the error while everything else loads the site fine, the clock is the suspect.

How to fix it

1. 1Check the certificate's expiry date first. If it's in the past, renew or reissue the certificate and install the new one on the server.
2. 2If you use Let's Encrypt or another automated issuer, look at why renewal didn't run. A broken cron job or a certbot hook failure is the usual culprit.
3. 3Reload the certificate-serving process (Nginx, Apache, the load balancer) after installing a new cert so it stops handing out the old one.
4. 4If the site loads fine elsewhere, fix the visitor's clock: set the date, time, and time zone correctly and enable automatic time sync.
5. 5Confirm the fix from an outside vantage point rather than the browser that cached the error.