Cert Invalid Date NET::ERR_CERT_DATE_INVALID

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: namedream.com

I ran this command: typed domain into chrome browser

It produced this output: NET::ERR_CERT_DATE_INVALID error warning from chrome. then when I click refresh in the browser, the web site resolves securely.

My web server is (include version): apache

The operating system my web server runs on is (include version): php

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a

1 Like

This is way to fix it, letsencrypt needs to be installed locally.

What versions of the Operating System and Web Browser are you using?
When were they last updated with security patches?

5 Likes

The error that you mentioned can occur for a number of reasons. We often see this when a certificate has been renewed, but either the webserver serving the certificate has not finished reloading with the new certificate or the visitor's browser cache has not been cleared. It took me 20 or so refreshes this morning to see my own new certificate in my browser. Occasionally this error is seen when the time of the visitor's machine is incorrect.

As for "installing the cert locally", the only reason someone would want to locally install a root certificate is if they don't have that root certificate in their trust store, which occurs if the browser being used is on an older/unsupported device or the website is serving a certificate chained from a very new (and not yet widely supported) root certificate, such as ISRG Root X2. The video that you posted "oversolves" the problem by installing both the traditional (RSA) ISRG Root X1 certificate and new (ECDSA) ISRG Root X2 certificate.

6 Likes

Yes, I always clear my Web Browsers' Caches.

6 Likes

Thanks for responding.

Still didn't work! I'm resetting chrome, it says crome was already up 2 date.

I'm running windows10 should that be upgraded?

Best regards,

Alan

3 Likes

For which website are you seeing this error?

6 Likes

I don't know, as you can see my Windows 10 is showing a Feature Update available,
I don't have any Security, Reliability, etc. Updates available, do you?
If YES then you need a Windows 10 Update.

3 Likes

Hi Griffin, thanks for responding.

The website is https://namedream.com.

Best regards,

2 Likes

Hi Bruce,

Windows 10 is up to date. They always happen automatically. I'm concerned if this is just a local issue, or is effecting the users.

Quite an old computer 2019 Lenovo.

Doesn't affect my browser. :slightly_smiling_face:

Edit: The link above upon multiple visits demonstrates what @jmorahan mentioned below.

6 Likes

I tried hitting that a few times and get two different certificates seemingly at random. One of them is indeed expired.

Do you have multiple servers behind a load balancer or something like that?

7 Likes

Thanks @jmorahan.

I was wondering if that might be happening, but I didn't see it myself.

5 Likes

I have not rebooted my computer recently.
This is what I see initially with
Firefox 106.0.1 (64-bit)

And with Microsoft Edge 106.0.1370.47 (Official build) (64-bit)

3 Likes

Thanks for posting that SSL Checker link. I am seeing as well two certs, one expired, the other ok. So I am logging in to the server to remove the old one.

3 Likes

that won't help. You should try restarting Apache or even the server. You probably have a "stuck" apache process. The stuck process serving the old cert and the normal apache processes using the new.

6 Likes

And as soon as I accept the Warning the Padlock Symbols are fine, not a real problem, just a bit of an ugly nuisance.


3 Likes

Ok I will restart apache. I will use this code:
sudo service apache2 restart

1 Like

Also SSL Labs is showing
https://www.ssllabs.com/ssltest/analyze.html?d=namedream.com
a third Certificate which is Expired

5 Likes

Damn the problem seems to be getting worse :smiley: