How to Fix NET::ERR_CERT_DATE_INVALID Error in Chrome

The NET::ERR_CERT_DATE_INVALID error in Chrome means the SSL certificate on the site you're visiting has an expired or future-dated validity period - and Chrome refuses the connection to protect you. It stops the page from loading and displays a red warning screen. Most of the time, the fix takes under two minutes. Either your system clock is wrong, your browser cache holds stale certificate data, or the website's SSL certificate has genuinely expired and needs renewal.

Below are eight targeted fixes, ordered from fastest to apply to most involved - so you can stop at whichever one clears the error.

What Is the NET::ERR_CERT_DATE_INVALID Error?

NET::ERR_CERT_DATE_INVALID is a Chrome error code that signals a date-based SSL certificate failure. Chrome compares the certificate's Not Before and Not After fields against your system clock. If the current date falls outside that window, Chrome blocks the connection entirely and shows this error rather than letting an untrusted session proceed.

Chrome enforces this check because an expired certificate cannot guarantee that the public key it contains still belongs to the site you intended to visit. Since March 2020, DigiCert and other major Certificate Authorities have issued certificates with a maximum validity of 398 days, according to the CA/Browser Forum Baseline Requirements - which makes expiration-related errors more common than they were when two-year certificates were standard.

What Causes This Error?

Six distinct scenarios can trigger the NET::ERR_CERT_DATE_INVALID warning. The table below maps each cause to who is responsible for fixing it.

Identifying the cause first saves time. If the error appears only on one specific site, the certificate is likely expired on the server side. If it appears on many unrelated sites simultaneously, your system clock or root certificate store is the likely culprit.

How Do You Fix a Wrong System Clock?

A mismatched system clock is the most common visitor-side cause of the NET::ERR_CERT_DATE_INVALID error. Chrome sees a valid certificate as expired - or not yet valid - because your device's date or time is off.

Windows

macOS

Android / iOS

Go to Settings > General Management > Date and Time and toggle Automatic date and time to ON. Both mobile platforms sync over the network within seconds.

How Do You Clear the SSL Cache in Chrome?

Chrome keeps a local cache of SSL session data to speed up future connections. When that cache holds outdated certificate information, it can display the NET::ERR_CERT_DATE_INVALID error even after the site's certificate has been renewed. Clearing the SSL state in Chrome removes stale data and forces Chrome to re-verify from scratch.

Also Read: How to Fix Safari Can't Establish a Secure Connection Error

How Do You Renew an Expired SSL Certificate?

If only one site shows the error, the website owner's certificate has most likely expired. As a visitor, you cannot fix this directly - but you can verify it and notify the site owner.

To confirm expiry: click the Not secure warning in Chrome's address bar, then select Certificate is not valid. The Details tab shows the exact expiration date. If it has passed, the server needs a new certificate installed.

Website owners should reissue and reinstall the certificate through their Certificate Authority or hosting control panel. Most major CAs - including Let's Encrypt, DigiCert, and Sectigo - send renewal reminders 30 days before expiry. Setting up auto-renewal through tools like Certbot eliminates manual renewal entirely for Apache and Nginx servers.

Does Antivirus Software Cause This Error?

Yes - and this surprises most users. Antivirus programs that include an HTTPS scanning feature intercept your browser's encrypted connections and substitute their own certificate to inspect traffic. If that substituted certificate has a date mismatch with your system clock, Chrome raises the NET::ERR_CERT_DATE_INVALID error even though the original website's certificate is perfectly valid.

Common antivirus products known to cause this behavior include Avast, Kaspersky, Bitdefender, and ESET. To test this: temporarily disable the HTTPS scanning or SSL inspection feature within your antivirus settings - not the entire antivirus - and reload the page. If the error clears, add the affected site to your antivirus whitelist.

How Do You Update Root Certificates on Windows?

Chrome on Windows relies on the operating system's root certificate store rather than maintaining its own. If Windows hasn't been updated in a long time, its root store may be missing newer Certificate Authority root certificates - causing Chrome to reject valid certificates it cannot trace to a trusted root.

Run Windows Update through Settings > Update & Security > Windows Update. After installing all pending updates, restart your machine and test Chrome again. According to Microsoft's root certificate program documentation, Windows distributes updated root certificates automatically through Windows Update - so keeping your OS current is the single most reliable prevention method.

Can a VPN or Proxy Trigger NET::ERR_CERT_DATE_INVALID?

A proxy server or VPN that performs SSL inspection - the same technique some antivirus programs use - can insert a certificate into the connection chain with a date that does not align with your system time. Corporate networks frequently route HTTPS traffic through deep-packet inspection appliances that do exactly this.

To test: disconnect from your VPN or disable your proxy (Settings > System > Open proxy settings in Chrome), then reload the page. If the error disappears, the proxy or VPN is substituting certificates. Contact your network administrator for a permanent solution, or disable SSL inspection for that specific domain if your VPN client permits it.

How Do You Fix This Error on a Specific Website Only?

When the error is confined to a single domain and your system clock is correct, the problem is almost certainly on the server. The site may also have an incomplete certificate chain - missing the intermediate certificate that links its SSL certificate to a trusted root CA. You can verify the full chain using Chrome's certificate viewer or an online SSL checker. This scenario closely resembles the NET::ERR_CERT_REVOKED error, which also blocks access at the browser level but stems from deliberate certificate revocation rather than expiry.

If you administer the site, use these steps to diagnose and fix the chain:

What If Nothing Else Works?

A Chrome profile with corrupted settings or a system with severely outdated root trust data can still produce the error after all standard fixes. Two options remain.

Reset Chrome Settings

Reinstall Chrome

Keep Your Browser Connections Trusted

The NET::ERR_CERT_DATE_INVALID error almost always has a clear, fixable cause. Start with your system clock - it takes seconds to check and resolves the error immediately if that is the source. Move through the browser cache, antivirus HTTPS scanning, and proxy settings if the clock is correct. When the error targets a single site, the fix belongs to the website owner: an expired certificate needs renewal and reinstallation.

To avoid seeing this error again, keep Windows or macOS updates current so your root certificate store stays fresh, enable auto-renewal on any certificates you manage, and monitor your SSL expiry dates at least 30 days in advance. That combination prevents most date-related certificate failures before they ever reach your visitors.

FAQs About NET::ERR_CERT_DATE_INVALID:

Is it safe to proceed past the NET::ERR_CERT_DATE_INVALID warning?

No. Bypassing this error by clicking Advanced and then Proceed to site skips Chrome's certificate validation entirely. You should only do this on a site you personally control and are actively testing. Never enter passwords, payment details, or personal information on a page with an invalid certificate.

Why does this error appear on every website at once?

When the error hits every site simultaneously, the cause is almost always your system clock being set to a wrong year, date, or time zone. Fix the clock first before trying any other step - it resolves the problem across all sites instantly.

How long does an SSL certificate last before it expires?

Since September 2020, SSL/TLS certificates issued by publicly trusted Certificate Authorities are capped at 398 days (approximately 13 months). Certificates issued before that date could run up to two years. After expiry, the certificate must be renewed and reinstalled - it does not renew automatically unless your hosting setup includes an auto-renewal tool like Certbot.

Can this error appear on mobile Chrome?

Yes. Chrome for Android and iOS enforces the same certificate validity checks as the desktop version. The most common mobile cause is automatic date/time being turned off, which lets the clock drift. Re-enabling automatic time in your device's settings resolves it in most cases.

Does disabling antivirus HTTPS scanning reduce my security?

Temporarily disabling HTTPS scanning to diagnose this error is low-risk if you keep antivirus real-time protection active. Most security vendors allow you to whitelist specific trusted sites in their SSL scanning settings rather than turning the feature off globally - which is the better long-term approach.

What is the difference between NET::ERR_CERT_DATE_INVALID and NET::ERR_CERT_AUTHORITY_INVALID?

Both block HTTPS connections in Chrome, but for different reasons. NET::ERR_CERT_DATE_INVALID means the certificate's validity dates are mismatched with your clock or the certificate has expired. NET::ERR_CERT_AUTHORITY_INVALID means Chrome cannot trace the certificate to a trusted Certificate Authority - typically because the certificate is self-signed or the CA is not in Chrome's trust store.