sfw/fix
NET::ERR_CERT_DATE_INVALID critical

SSL Certificate Expired

An expired SSL certificate triggers a full-page "Your connection is not private" warning that blocks every visitor.

What you see

Your connection is not private
NET::ERR_CERT_DATE_INVALID
attackers might be trying to steal your information from example.com

What’s actually happening

The browser refuses to load your site and shows a red, full-screen warning, because the certificate’s validity dates have passed. To a visitor it looks like your site is hacked or fake. Traffic stops cold until it’s renewed.

Common causes

  • The certificate reached its expiry date and auto-renewal failed or was never set up
  • A Let’s Encrypt renewal cron stopped running
  • The certificate renewed but the new one was never installed/reloaded
  • The server clock is wrong, making a valid cert look expired

How to fix it

  1. Renew the certificate nowIf it’s Let’s Encrypt, run the renewal (certbot renew) or click renew in your host panel. For a paid cert, reissue through your provider and install the new files.
  2. Reload the web serverA renewed cert isn’t live until the server reloads it. Restart Nginx/Apache (or your host’s SSL applies it) so the new certificate is actually served.
  3. Fix auto-renewal so it never recursConfirm the renewal cron/timer runs (certbot.timer, host auto-SSL). Most expired-cert outages are simply a renewal job that silently stopped.
  4. Verify with an SSL checkerUse an SSL test to confirm the new dates and that the full chain is installed — a missing intermediate certificate causes its own warning.

Stop it recurring

Set an uptime/SSL monitor that alerts 14 days before expiry. Auto-renewal should be the default, with monitoring as the backstop.

Related errors

Mixed Content Warning

medium

Mixed content is an HTTPS page loading some resources over insecure HTTP — it breaks the padlock and blocks assets.