Https:// ssl chrome privacy problem NET::ERR_CERT_AUTHORITY_INVALID

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: (not 24/7 and home hosted in windows 10 + xampp

I ran this command: na

It produced this output: na

My web server is (include version): xampp (1 before latest version)

The operating system my web server runs on is (include version): windows 10

My hosting provider, if applicable, is: na

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest


My web site works perfectly with padlock coming back in chrome. I even tested it on Opera browser using their VPN and I am able to connect.
I run certbot renew and my web site certificate renews no problem. Nb I use DUC and xampp control panel which I disconnect when I certbot renew or shut down my server for the night (I am only up 8 hours a day).

But at work I get an intermittent problem that there is a privacy error from Chrome and I cannot connect. The error seems well known on the internet: NET::ERR_CERT_AUTHORITY_INVALID. Then it goes away and no issues. Then it is back again.
I am stumped. At a previous company I worked, a bank, I could access my web (home hosted per above) any time from work. Please can someone shed light on a solution for this.

Hi there @markjc, welcome to our Community!

To debug this issue, it's very likely it's necessary for us to be able to connect to your webserver. At this moment, I'm getting an error when trying to connect:

osiris@erazer ~ $ openssl s_client -connect
140486472668992:error:02002071:system library:connect:No route to host:crypto/bio/b_sock2.c:110:
140486472668992:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
osiris@erazer ~ $ 

Is there perhaps some kind of firewall blocking access that you know of?

Hi I have booted up my server. It was off. You should be able to connect now. I have just connected using Opera's VPN and it is up.

Hm, usually an intermittend ERR_CERT_AUTHORITY_INVALID error comes from an invalid certificate chain, but your chain seems to be just fine:

Certificate chain
 0 s:CN =
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

Could it be a firewall setting at my new work. I have asked them to facilitate the site. They seem stumped. This (attached error screen from Chrome) is the type of error I get from work. Yet when I try to proceed to the domain I am blocked. Weird. What is even weirder is that a few hours later I am able to connect to my web site no problem with no error screen. Then a day later same error pops up.

Huh, why does it say "" and not your hostname?

In any case, it would be helpfull to inspect the certificate when you're presented with that error screen.

I have no idea why it is saying that.
Is it on the certificate?
How can I see that for myself.
Possibly there is a mismatch and this is causing the error?
When you say inspect the certificate does this option come from the error screen.
If so I will chase that down next time it occurs.

No, the "" is the hostname to which Chrome is trying to connect.

You should be able to inspect the certificate when presented with this error screen, yes. In stead of a lock, you'd see a broken lock in the left part of the address bar, but it should be clickable. Or use the Developer Toolbar such as explained in How to View SSL Certificate in Google Chrome - SSLSecurity

Hi Thank you for your help. Attached is the View SSL Certificate in Google Chrome. It says all ok per attached. And this comes from my work. I will probably get error again as it is intermittant, but at least I know that my certificate is in good order (padlock is not broken) and how to look at it in Chrome dev tools.

Yes indeed, this all looks good. Interested to see what Chrome shows when you get the error.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.