SSL Error: Invalid Certificate Date

Diagnose and resolve the NET::ERR_CERT_DATE_INVALID error.

The NET::ERR_CERT_DATE_INVALID error is one of the most common SSL errors website visitors encounter. It indicates the browser detected a problem with the SSL certificate's temporal validity. This error can occur either because the certificate has expired, because it's not yet valid, or due to an incorrect clock on the visitor's computer.

This error is particularly frustrating because it completely blocks site access. Modern browsers display a scary security warning and most visitors won't risk continuing. For an e-commerce or professional site, this means immediate loss of revenue and credibility.

Fortunately, this error is generally easy to diagnose and fix. In this guide, we'll explore all possible causes and give you the steps to correct the problem quickly, whether you're the site administrator or a visitor facing this error.

Date Error Symptoms

How this error appears in different browsers:

  • Chrome: displays NET::ERR_CERT_DATE_INVALID with "Your connection is not private" message. The browser clock may also be mentioned if that's the cause.
  • Firefox: displays SEC_ERROR_EXPIRED_CERTIFICATE or SEC_ERROR_NOT_YET_VALID depending on whether the certificate expired or isn't valid yet.
  • Safari: displays "This certificate has expired" with the expiration date visible in the certificate details.
  • Edge: displays NET::ERR_CERT_DATE_INVALID with a warning similar to Chrome, blocking site access.

Causes of Invalid Date Error

Several situations can trigger this error:

  • Expired certificate: the most common cause. The SSL certificate has passed its end validity date and needs renewal. Let's Encrypt certificates expire every 90 days.
  • Certificate not yet valid: the certificate was installed but its start validity date is in the future. This can happen with a server clock offset.
  • Incorrect system clock: the visitor's computer has an incorrect date/time. The browser compares certificate dates to the local clock.
  • Corrupted browser cache: the browser cached an old version of the certificate and isn't retrieving the renewed certificate.

Error Diagnosis

Follow these steps to identify the exact cause:

  1. Check system clock: on the affected computer, verify the date and time are correct. Even a few minutes offset can trigger the error.
  2. View certificate details: click the certificate icon in the address bar to see "Valid from" and "Valid until" dates.
  3. Test in another browser: if the error only appears in one browser, it's probably a cache or local clock issue.
  4. Use SSL Labs: the free SSL Labs tool (ssllabs.com) displays all certificate information, including exact validity dates.

Certificate Validity Check

Use this command to check certificate dates:

#!/bin/bash
# Check SSL certificate validity dates

DOMAIN="example.com"

echo "=== Certificate validity dates for $DOMAIN ==="

# Get dates
dates=$(echo | openssl s_client -servername $DOMAIN -connect $DOMAIN:443 2>/dev/null | openssl x509 -noout -dates)

echo "$dates"

# Extract end date
expiry=$(echo | openssl s_client -servername $DOMAIN -connect $DOMAIN:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)

echo ""
echo "Certificate expires on: $expiry"

This command displays the "notBefore" (validity start) and "notAfter" (validity end) dates. Compare these dates to current time to identify the problem.

Prevention Best Practices

Avoid this error with these best practices:

  • Automatic monitoring: use MoniTao to get alerts 30, 14, and 7 days before certificate expiration. Don't rely only on provider reminders.
  • Automatic renewal: configure Certbot or ACME to automatically renew Let's Encrypt certificates at least 30 days before expiration.
  • NTP synchronization: ensure your server syncs its clock via NTP to avoid date drift.
  • Regular testing: regularly check your certificates with SSL Labs to detect issues before they affect visitors.

Invalid Date Diagnostic Checklist

  • System clock verified (client and server)
  • Certificate validity dates checked
  • Test performed in multiple browsers
  • Browser cache cleared
  • Certificate renewed if expired
  • MoniTao monitor configured for monitoring

Frequently Asked Questions

The error only appears on my computer, is this normal?

Yes, this probably indicates a clock problem on your computer. Check that date and time are correct and automatically synchronized.

How do I force the browser to get the new certificate?

Clear browser cache and browsing data. In Chrome, use Ctrl+Shift+Delete then select "Cached images and files".

Can I ignore this error and access the site anyway?

Technically yes, but strongly discouraged. A certificate with invalid dates may indicate a security issue or compromised site.

My certificate was just installed but the error persists, why?

Check if the server clock is correct. If it's ahead, the certificate may be considered "not yet valid".

Does this error affect my Google ranking?

Yes, Google penalizes sites with SSL errors. The longer the error persists, the greater the potential impact on your ranking.

How do I prevent this problem in the future?

Configure automatic monitoring with MoniTao and enable automatic renewal via Certbot or your host.

Resolve the Date Error Quickly

The NET::ERR_CERT_DATE_INVALID error is generally simple to resolve once the cause is identified. In most cases, it's either an expired certificate to renew or an incorrect system clock to sync.

With MoniTao, you're alerted well before your certificates expire. Set up an HTTPS monitor for each domain and you'll never be surprised by an unexpected expiration.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing