ERR_CERT_DATE_INVALID

What Does ERR_CERT_DATE_INVALID Mean?

ERR_CERT_DATE_INVALID is an SSL/TLS error indicating that the website's SSL certificate has either expired or is not yet valid. SSL certificates have a defined validity period, typically ranging from 90 days to one year. When a certificate's expiration date has passed, or when it is being used before its start date, browsers reject the connection and display this error.

This error serves as a critical security measure. Expired certificates can no longer be trusted because the CA may have revoked them, the domain ownership may have changed, or the certificate's cryptographic keys may have been compromised. Browsers enforce strict date checking to ensure that only currently valid certificates are accepted.

Interestingly, this error can also be triggered by an incorrect system clock on your computer. If your device's date and time are set incorrectly, the browser may think a valid certificate is expired (or not yet valid), even though the certificate itself is perfectly fine. This makes checking your system clock the first troubleshooting step.

Common Causes

The most common cause is a genuinely expired SSL certificate on the web server. Certificates have finite lifespans and must be renewed before expiration. Many website administrators forget to renew their certificates, especially if automatic renewal is not configured. Let's Encrypt certificates, for example, expire after 90 days and require regular renewal.

An incorrect system clock on the visitor's computer is the second most common cause. If your computer's date is set to the past or future, the browser's date comparison fails. This frequently occurs on devices with dead CMOS batteries, virtual machines with clock drift, or systems where the time zone is misconfigured.

Certificates that are not yet valid (future start date) can also trigger this error. This happens when a newly issued certificate is installed on the server before its validity period begins, or when the server's clock is ahead of the actual time. Additionally, some older devices may not support certificates with validity periods that extend beyond certain dates.

Step-by-Step Fix

For website visitors: Start by checking your computer's date and time. On Windows, right-click the clock in the taskbar and select 'Adjust date/time', then enable 'Set time automatically'. On macOS, go to System Preferences > Date & Time and enable automatic date and time. If the date is correct, clear your browser cache and SSL state, then try again.

For website administrators: Check your certificate's expiration date immediately using an SSL checker tool or the OpenSSL command: 'openssl s_client -connect yourdomain.com:443 | openssl x509 -noout -dates'. If expired, renew it through your certificate provider. For Let's Encrypt, run 'certbot renew' and set up a cron job for automatic renewal: '0 0 1 * * certbot renew --quiet'.

To prevent future occurrences, set up certificate expiration monitoring. Many services offer free SSL monitoring that alerts you before your certificate expires. Configure automatic renewal with your CA whenever possible. For Let's Encrypt, Certbot's automatic renewal is built in - just ensure the systemd timer or cron job is active. Consider using a certificate management platform if you manage multiple domains.

Related SSL Errors