⚠ BEWARE ⚠
DO NOT ENTER
PERSONAL INFORMATION
When receiving a security warning from your browser it’s a red flag to exercise an overabundance of caution with the information you provide that website. Never input any PII into sites that throw browser security warnings until those warning have been resolved.
When it comes to transmitting any private information it’s vital to recognize the warning signs your browser displays. Especially when there is a problem with the security of the website you are visiting. Since SSL certificates are issued for a predetermined amount of time, one of the most basic problems that can occur with any security certificate is as simple as the certificate reaching its expiration date. That said, an expired certificate error also doesn’t necessarily mean the certificate is expired.
Today we dive into the process of troubleshooting these types of invalid or expired errors in our journey to How To Fix Error Code: NET::ERR_CERT_DATE_INVALID.
How to recognize expired SSL certificates?
Before we can cover the potential causes associated with How To Fix Error Code: NET::ERR_CERT_DATE_INVALID, we must first be able to recognize the error as it appears our browsers. It may seem trivial at first, but all browsers are not created equal. In fact some browsers very purposefully behave differently than others, ahem, I’m looking at you Microsoft. Kidding aside, it’s not just a bad habit of Microsoft, but many browser developers.
But why is that? I’m afraid it’s the nature of the beast. Browser developers work hard on making their brand of browser to be unique so that it stands apart from the crowd, and man these days, this crowd is expansive. So that leaves us in a bit of a bind when it comes to identifying error messages in the different variations of browsers so widely available in the modern world.
⇨ Browser Variant Family Matrix
NameHero
Use the browser variant family matrix below to identify the family of the browser variant you are troubleshooting.
Avast, Blisk, Brave, Chromium, Epic, Google Chrome, Ungoogled Chrome, Vivaldi, etc…
Basilisk, IceCat, LibreWorlf, Mozilla Firefox, Pale Moon, Swiftweasel, Tor, Waterfox, etc…
Microsoft Edge, Microsoft Edge: Internet Explorer Mode, Microsoft Edge Legacy
Opera, Opera Crypto, Opera GX, Opera Mini, Opera Mobile, Opera Neon
Apple Safari, Apple Safari for Windows
How To Identify Expired Certificate Errors In Your Browser
Recognizing expired certificate errors can differ between each browser variant family. You might say that a big line of delineation between browser families is the specific set of error codes and message verbiage used by each. So trying to identify a specific error code may not be as straight forward as one might think when crossing the lines between these families. Sometimes the entire error message is changed, making it troublesome to decipher if the error message you saw in Firefox is the same one thrown by Chrome variants (it isn’t). Take a look at the following simplified matrix of Expired Certificate Errors by Browser based on using the Chrome error code NET::ERR_CERT_DATE_INVALID, you can see how the error message changes between each family:
- Expired Certificate Errors by Browser Family
Chrome
⇨
NET::ERR_CERT_DATE_INVALID
Firefox
⇨
SEC_ERROR_EXPIRED_CERTIFICATE
MS Edge
⇨
NET::ERR_CERT_DATE_INVALID
MS Edge IE
⇨
DLG_FLAGS_SEC_CERT_DATE_INVALID
Opera
⇨
NET::ERR_CERT_DATE_INVALID
Safari
⇨
The certificate for this website is invalid.
Chrome, Firefox, and Edge (IE Mode only) use fundamentally different error codes. This is mainly due to the history of their unique predecessors. Opera and Microsoft Edge are technically Chrome variants, but they have diverged enough from the originals they have become their own family. Apple Safari focuses on straight forward error messages, instead of complicated technical jargon that might otherwise confuse their target audience. The above messages are all mostly equivalent, though the less specific approach by Apple can make it difficult to know what part of an SSL certificate chain is faulty. Nevertheless we can troubleshoot the generic Apple message the same way we would deal with other related certificate errors.
In our example above we can see the error message can changed significantly between browser families. However, lets take a look into what these error messages look like in the wild, directly in each of these browser engines as there is no substitute for the real thing.
Chrome Firefox MS Edge IE MS Edge Opera Safari
HOW TO Identify Expired Certificate Errors in Chrome
NET::ERR_CERT_DATE_INVALID
Chrome variants prominently display their invalid certificate error code without any additional steps. Simply review the details of the error message text once you land on a “Your connection is not private” error page.
Text-only Instructions
- Review the error code directly on the page.
Visual Instructions
1
Review the Error Message directly on the page.
HOW TO Identify Expired Certificate Errors in Firefox
SEC_ERROR_EXPIRED_CERTIFICATE
Mozilla Firefox uses the same error codes and messaging of its original predecessor. In order to view the equivalent of NET::ERR_CERT_DATE_INVALID in Firefox, you will need to open the advanced details on the “Warning Potential Security Risk Ahead” page.
Text-only Instructions
- Click on the [Avanced…] button to display the error message.
- The error code: SEC_ERROR_EXPIRED_CERTIFICATE is displayed in the expanded information.
Visual Instructions
1
Click the Advanced button.
2
Review error code details.
HOW TO Identify Expired Certificate Errors in MS Edge IE Mode
DLG_FLAGS_SEC_CERT_DATE_INVALID
Microsoft Edge running in its Internet Explorer compatibility mode mimics the error codes/behavior of its’ now defunct ancestors. In order to view the error message in IE mode perform the following steps when you reach the “This site is not secure” page.
Text-only Instructions
- Click on the [More information] toggle to display the error message.
- The error code in IE mode is DLG_FLAGS_SEC_CERT_DATE_INVALID
Visual Instructions
1
Toggle More information.
2
Review the error code.
HOW TO Identify Expired Certificate Errors in MS Edge
NET::ERR_CERT_DATE_INVALID
Microsoft Edge in its modern form is a Chromium based variant at its core. So when operating outside of its compatibility modes, we get the typical Chrome error code without any additional steps. Simply review the details on the “Your connection is not private” page.
Text-only Instructions
- Review the error code directly on the page.
Visual Instructions
1
Review the Error Message directly on the page.
HOW TO Identify Expired Certificate Errors in Opera
NET::ERR_CERT_DATE_INVALID
Opera is another highly modified Chromium browser engine, so it too will display the same error messages as Chrome variants, with it’s own Opera styling. Simply review the details on the “Your connection is not private” page.
Text-only Instructions
- Review the error code directly on the page.
Visual Instructions
1
Review the Error Message directly on the page.
HOW TO Identify Expired Certificate Errors in Safari
Safari can’t verify the identity of the website “example.com”
The certificate for this website is invalid.
Apple’s Safari does not bother using jargon centric error codes. This makes it more user-friendly but less reliable at detecting the specific threat to security. However, as with all browsers, the same troubleshooting techniques will work to resolve a problematic SSL certificate configuration.
Text-only Instructions
- Review the error code on the pop-up message box when visiting a page.
Visual Instructions
1
The error message is displayed on the pop-up message box.
What is Error Code: NET::ERR_CERT_DATE_INVALID?
In its simplest interpretation, this error code means the certificate has expired or more accurately, the certificate is outside of its defined validity period. The validity period is expressed by both a certificate’s start and end dates. These two dates define the range of time that this certificate will pass validation checks by the certificate authority that issued it. Expired certificates are by far the most common cause of NET::ERR_CERT_DATE_INVALID and when genuinely expired, are very straight forward to fix.
How to fix invalid certificate date errors?
Instinctually, the answer here is to replace or renew the expired certificate, and that is the correct answer when this error occurs naturally. However, like many things in the technology world of today, the solution is not always the obvious one that we intuit.
What if I told you that it’s entirely possible, that the expired certificate error you are receiving is not an issue with the expiration date or the certificate at all? Kind of misleading, eh? Lets consider what happens when your browser does its customary expiration checks for the certificate.
In order for a browser to pass a certificate’s expiration check we must look at a number of additional factors beyond the obvious. Review the following list that outlines a typical browser certificate date validation check:
- Browser Certificate Expiration Checks
- The validity period START date must be on or after the current date/time.
- The validity period END date must be on or before the current date/time.
- The current date/time of the visitor’s device must be within the validity period.
- The current date/time of the webserver must also be within the validity period.
- All associated Root & Intermediate certificates in the CA chain must pass validation tests.
As you can see, its entirely plausible for an SSL certificate to have an accurate expiration date, yet still be seen as expired by the visitor’s browser. The date/time settings on both the visitors device and the server must also be set correctly. Otherwise, the browser has the wrong point of reference for validating the date range checks. So now we can see how important having the correct date, time, & time-zone settings on our devices is, as it’s a prerequisite for SSL certificate validation to work correctly.
Take a look at our companion guide to troubleshooting SSL certificate errors.
Additional Help ⇨ Troubleshooting SSL Certificate Errors
If you were not led to a solution in this article, try our ultimate guide instead. It is designed to walk through general SSL certificate troubleshooting and should lead you to a solution. Use the handy table of contents below to zip straight to the desired section in the guide or start from the beginning.
⇨
The Ultimate Guide To Fixing SSL Certificate Errors
- Introduction ⇨ how to fix SSL certificate errors
- General Guide Instructions
- How to fix SSL certificate errors as a website visitor
- Step 1 ⇨ Manually review certificate details
- Step 2 ⇨ Hard Refresh / Force Reload
- Step 3 ⇨ Restart your browser
- Step 4 ⇨ Browser Privacy Sandbox
- Step 5 ⇨ Verify system clock & time zone
- Step 6 ⇨ Temporarily disable VPN & antivirus software
- Step 7 ⇨ Clear browser cache, cookies, & temporary internet files
- Step 8 ⇨ Reset browser SSL state (Windows Only)
- How to fix SSL certificate errors as an administrator
Jason Potter is a Senior Linux Systems Administrator & Technical Writer with more than 20 years experience providing technical support to customers and has a passion for writing competent and thorough technical documentation at all skill levels.
Leave a Reply