ERR_CERT_DATE_INVALID: How to Fix the "Certificate Has Expired" Error

ERR_CERT_DATE_INVALID (shown in full as NET::ERR_CERT_DATE_INVALID) is a security warning a browser displays when it finds a problem with the validity dates of a site's SSL/TLS certificate. The browser usually pairs it with a "Your connection is not private" heading and a message like "the certificate has expired." Unlike other certificate errors, this one is all about time: either the certificate's validity window doesn't cover today, or your device's clock is wrong. This guide fixes it from both the visitor and the site-owner perspective.

The two causes

Every SSL certificate has a start date and an end date. When a page loads, the browser compares your device clock against that window. ERR_CERT_DATE_INVALID appears in two situations:

  • (A) Your device date/time is wrong. This is the most common cause. If the clock is set ahead or behind, even a perfectly valid certificate looks "expired" or "not yet valid" to the browser.
  • (B) The site's certificate has genuinely expired. If the owner didn't renew in time, the end date has passed and every visitor sees the warning.

A quick way to tell which side you're on: open the same site from another device on another network. If the error appears there too, the problem is the site (B). If only you see it, it's almost certainly your device (A).

If you're a visitor (device clock)

If only you see the error, check your own device first:

  1. Set date and time automatically. On Windows go to Settings > Time & language > Date & time and turn on "Set time automatically" and "Set time zone automatically." On macOS, enable automatic time under System Settings > General > Date & Time. On phones, turn on "Use network-provided time."
  2. Verify the date, time, and time zone. Even a one-day or one-year drift triggers the error. Set the correct values and try again.
  3. Clear your browser cache or open an incognito/private window. This stops an old cached certificate record from being reused.
  4. Test on a different device or browser. Try your phone on mobile data. If it works there, your main device's clock or browser is the culprit.
  5. Temporarily disable VPN/proxy and restart the device. Some VPNs or antivirus HTTPS inspection can break the certificate date.

If you're the site owner (expired certificate)

If visitors see this error, your certificate has most likely expired. To fix it fast:

  1. Check the validity dates. Click the padlock in the browser and view the certificate, or run this in a terminal: 
    openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | openssl x509 -noout -dates
    If the notAfter date is in the past, your certificate has expired.
  2. Renew the certificate now. The only fix for an expired certificate is a new one. With our free SSL wizard you can generate a fresh, 90-day certificate and download it as a ZIP in minutes — no signup required.
  3. Install the new certificate on the server. Replace the old files and restart your web server (Nginx, Apache, IIS).
  4. Check the chain and intermediate certificate. Installing only the leaf certificate breaks some clients. Make sure you deploy the full chain (fullchain).
Tip: If ERR_CERT_DATE_INVALID persists after renewal, fully close and reopen the browser or test in a private window — the old certificate may still be cached.

How to diagnose the error

To pin it down: click the padlock (or warning) icon in the address bar > "Connection is/not secure" > Certificate details. The dialog shows the Validity Period (Valid from / Valid to). If "Valid to" is before today, the certificate has expired (cause B). If the date is still in the future but the error remains, your device clock is wrong (cause A). This single check tells you which side to focus on.

Preventing it from happening again (auto-renewal/reminders)

An expired certificate is the most common cause of avoidable downtime for site owners. To prevent a repeat:

  • Set up auto-renewal. If your server supports an ACME client, have the certificate renew automatically before it expires.
  • Use a reminder system. Auto-renewal isn't possible in every environment. A certificate issued with our free SSL wizard comes with an email reminder before it expires, so you never miss a renewal.
  • Add a calendar note. For 90-day certificates, set a renewal reminder around day 60-75.

Summary

ERR_CERT_DATE_INVALID comes from either a wrong device clock or a genuinely expired certificate. If you're a visitor, set your clock automatically and try a private window; if you're the site owner, check the certificate's end date and renew it. To renew an expired certificate in minutes, for free and with no signup, use our free SSL wizard — and with an email reminder before expiry, you'll never hit this error again.