As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead.
On Chromium-based browsers such as Google Chrome, Microsoft Edge, Chromium, and Brave, you’ll see the message Your connection is not private (or something very similar). You’ll see a similar message on Safari.
On Firefox-based browsers such as Firefox and LibreWolf, you’ll see the message Warning: Potential Security Risk Ahead (or Secure Connection Failed on Android).
In this article, we explain why this error occurs and suggest some ways to “fix” it. Please be aware, though, there’s a good chance the error does indeed indicate a real problem, and that in many cases, you’re best simply avoiding that website.
- Why are you seeing the ‘Your connection is not private’ error?
- How does HTTPS website verification work?
- Why might HTTPS website verification fail?
- How to fix a “Your connection is not private” error
- Can I ignore the error?
Why are you seeing the ‘Your connection is not private’ error?
Hypertext Transfer Protocol Secure (HTTPS) is the backbone that keeps everyone safe and secure on the internet. Most websites (and all professional commercial websites) these days are secured using HTTPS.
When you visit an HTTPS website, no third party — such as your internet service provider (ISP) — can see what you do on that website. This includes which individual pages you visit and any data you input (such as your credit card details when making a payment).
Learn more about how HTTPS keeps you safe (but not private)
HTTPS performs two key functions:
1. It encrypts your data as it travels between your device and the website. This encryption (which uses the TLS encryption protocol) is what prevents third parties from knowing what you do on a website or seeing any information you send, such as passwords or credit card details.
2. It allows your browser to verify that the website you’re connecting to is the website you think you’re connecting to. If it can’t do this, your browser will refuse to connect and you’ll see a Your connection is not private error.
How does HTTPS website verification work?
HTTPS uses the X.509 Public Key Infrastructure (PKI) to negotiate new connections. This is an asymmetric encryption system that uses public key cryptography to secure the key exchange. That is, the web server presents a public key, which is decrypted using your browser’s private key.
To ensure your browser is connecting to the server it thinks it’s connecting to (and thus preventing man-in-the-middle attacks), X.509 uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates. Named after the encryption protocol used by HTTPS to secure connections, these are small data files that digitally bind a website’s public cryptographic key to an organization’s identity.
Learn more about SSL/TLS certificates
SSL certificates are issued by a Certificate Authority (CA), an organization that has (at least in theory) verified that it can be trusted to only issue certificates to valid organizations. Whether a browser accepts the HTTPS certificates issued by a particular organization depends on the browser developers.
Why might HTTPS website verification fail?
Broadly speaking, there are two basic reasons why HTTPS verification might fail, resulting in a Your connection is not private error.
1. There’s a problem with the HTTPS certificate
The entire point of HTTPS certificates is to verify the authenticity of websites, that is, to confirm that they are run by who you expect them to be run by. If there is a problem with the certificate, there’s a good chance the website is unsafe to visit.
Fortunately, your browser will often display an error code to help you identify the issue. Common error codes you might encounter when Chrome displays the “Your connection is not private” error, along with their meanings, are:
- NET::ERR_CERT_AUTHORITY_INVALID: This error indicates that the SSL certificate the website is using does not come from a trusted source or is not valid. This could be because the certificate is self-signed or issued by an authority not recognized by Chrome.
- NET::ERR_CERT_COMMON_NAME_INVALID: This error suggests a mismatch between the domain name the SSL certificate was issued to and the domain you are visiting. This can happen if the website configuration has changed or the certificate is improperly issued.
- NET::ERR_CERT_DATE_INVALID: This error occurs when the SSL certificate has expired, is not yet valid, or if the date and time on your device are incorrect, causing Chrome to think the certificate’s validity period is off.
- NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: This error indicates the certificate uses a weak cryptographic algorithm that is no longer considered secure. Upgrading the security of the certificate can resolve this issue.
- NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED: This error means the SSL certificate for the website does not comply with Chrome’s Certificate Transparency policy. This policy requires that certificates be publicly logged to prevent misuse.
- SSL certificate error: This is a general error that can occur for various reasons, such as problems with the certificate installation on the server or issues with the server configuration.
In Firefox, you might see:
- SEC_ERROR_EXPIRED_CERTIFICATE: This error appears when the website’s SSL certificate has expired and is no longer valid.
- SEC_ERROR_UNKNOWN_ISSUER: This error indicates that Firefox does not recognize the issuer of the SSL certificate. This could occur if the certificate is self-signed or issued by a certificate authority that Firefox does not trust.
- SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: This error is shown when the certificate of the Certificate Authority (CA) that issued the website’s certificate has expired.
- SSL_ERROR_BAD_CERT_DOMAIN: Similar to Chrome’s NET::ERR_CERT_COMMON_NAME_INVALID, this error suggests that the SSL certificate does not include the domain name you are trying to visit. It might be issued to a different domain or subdomain.
- SEC_ERROR_OCSP_INVALID_SIGNING_CERT: This error indicates that the Online Certificate Status Protocol (OCSP) response, which is used to determine the current status of a digital certificate, has been signed by an invalid certificate.
- SSL_ERROR_NO_CYPHER_OVERLAP: This occurs when there is no strong encryption algorithm that both the browser and the server support. This is often the result of outdated configurations either in the browser or on the server.
- MOZILLA_PKIX_ERROR_MITM_DETECTED: This error suggests that Firefox has detected a potential Man-In-The-Middle (MITM) attack trying to intercept the connection by using a certificate that is not trusted by Firefox’s security standards.
- MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED: This indicates the SSL certificate has been rejected by Firefox due to additional policy constraints.
In all cases, such error warnings are indicators that the website either can’t be trusted or that your connection to it may not be secure. The NET::ERR_CERT_AUTHORITY_INVALID (Chrome) or SEC_ERROR_UNKNOWN_ISSUER and MOZILLA_PKIX_ERROR_MITM_DETECTED (Firefox) error codes are particularly concerning, as they often indicate a man-in-the-middle attack.
However, they could also indicate a self-signed SSL certificate (where instead of a trusted CA, the website developer has signed their own SSL certificate) or that the SSL certificate is valid, but is issued by a CA not recognized by your browser (we’ll discuss this later).
If the problem is with the HTTPS certificate, there’s little you can do to resolve the issue yourself except to contact the website administrator to alert them about the issue.
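The three most common checks behind these codes (validity dates, host name, issuer), as an added Python example that is not part of the original article. It runs over a constructed certificate in the dictionary shape returned by ssl.SSLSocket.getpeercert(); the host names, the CA name and the trusted_cas parameter are hypothetical, and the issuer check is simplified to a name lookup, whereas a browser verifies the signature chain against its root store.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Apr 09 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.test"), ("DNS", "*.cdn.example.test")),
}
GOOD_CLOCK = datetime(2024, 2, 1, tzinfo=timezone.utc)   # inside the validity window
STALE_CLOCK = datetime(2010, 1, 1, tzinfo=timezone.utc)  # device clock reset to 2010

def name_matches(pattern: str, host: str) -> bool:
    """Match a SAN dNSName; '*' may only replace the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert: dict, host: str, now: datetime, trusted_cas: set) -> list:
    """Return the Chrome error codes a certificate would trigger for `host`."""
    errors = []
    # Validity window is judged against the device clock passed in as `now`.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        errors.append("NET::ERR_CERT_DATE_INVALID")
    # The visited host must be covered by a subjectAltName DNS entry.
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        errors.append("NET::ERR_CERT_COMMON_NAME_INVALID")
    # Simplified trust check (assumption): issuer name lookup, no signature chain.
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    self_signed = cert["issuer"] == cert["subject"]
    if self_signed or issuer.get("commonName") not in trusted_cas:
        errors.append("NET::ERR_CERT_AUTHORITY_INVALID")
    return errors

if __name__ == "__main__":
    roots = {"Example Test CA"}  # hypothetical trust store
    for host, clock in [("shop.example.test", GOOD_CLOCK),
                        ("shop.example.test", STALE_CLOCK),
                        ("pay.example.test", GOOD_CLOCK)]:
        print(host, clock.date(), diagnose(SAMPLE_CERT, host, clock, roots) or "OK")
```

The second case uses the same certificate as the first and fails only because the device clock is wrong, which is why checking the date and time is worth doing before anything else.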
2. There’s a problem at your end
If you just see a generic Your connection is not private error, it’s possible there’s nothing wrong with the website’s SSL certificate and the problem lies with your device or connection.
If you suspect this is the case but (quite rightly) don’t wish to simply ignore the issue and continue to visit the website anyway (see later), there are a number of things you can do to try to fix the error.
How to fix a ‘Your connection is not private’ error
Fixing a Your connection is not private error involves several troubleshooting steps. These steps aim to resolve potential issues on your device, check for network-related problems, or address website-specific SSL certificate issues. Here’s what you can do:
1. Check your date and time settings
Ensure your computer’s date and time are accurate, as incorrect settings can make SSL certificates appear invalid. Correcting the date and time can often resolve this error immediately.
To change your system time on Windows 10 or 11, go to Start → Settings ⚙ → Time & language → Date & time.
To change your system time on macOS, go to System Settings → General → Date and Time.
To change your system time on Linux, either use your desktop environment’s GUI or open a terminal window and enter:
sudo date -s "YYYY-MM-DD HH:MM:SS"
For example:
sudo date -s "2024-01-01 18:59:59"
To change your system time on a Chromebook, go to Settings ⚙ → Advanced → Time Zone and ensure the time zone is set correctly.
2. Clear your browser’s cache and cookies
Sometimes, outdated or corrupted files stored in your browser can cause this error. Clearing your browser’s cache and cookies can remove these issues.
Learn how to clear your browser’s cache and cookies
3. Try a different browser
Check if the issue persists on another browser. Whether a browser accepts the SSL certificates issued by a particular CA depends on the browser developers. As of mid-2020, Mozilla Firefox accepted certificates issued by 52 Certificate Authorities, macOS (and therefore Safari) recognized 60 CAs, and Microsoft Windows (and therefore Edge) 101 CAs.
A different browser may therefore recognize a certificate from a legitimate CA that is rejected by your usual browser.
4. Update your browser
Ensure your browser is up-to-date, as older versions of browsers may have compatibility issues with newer SSL/TLS protocols. They may also use an outdated list of accepted CAs (see above).
5. Check your antivirus or security software
Disable HTTPS/SSL scanning, as some antivirus or internet security software may intercept secure website certificates and cause this error. Temporarily disabling such features can help identify if they are the cause.
6. Switch network
Visit the website on a different network. Sometimes, the problem might be specific to the network. Trying a different network (like switching from your home WiFi to mobile data) can rule out network configuration issues.
7. Use Incognito or Private Browsing mode
This disables most extensions and uses default settings, which can help if misconfigured settings or extensions are causing the problem.
Learn more about Incognito or Private Browsing mode
8. Reset your browser’s settings
Revert to default settings. If the issue persists, resetting your browser settings to default can help eliminate any configuration problems. For example, on Chrome, go to ⋮ → Settings → Reset settings → Restore settings to their original defaults → Reset settings.
On Firefox, go to ☰ → Help → More Troubleshooting Information → Refresh Firefox.
9. Use a VPN
If you suspect regional restrictions or network issues, a VPN can bypass local network configurations and might resolve the issue.
Can I ignore the error?
On most browsers, you can select advanced options and choose to ignore the warning and visit the website anyway.
We strongly recommend against doing this, and you should absolutely never hand over personal details or make any form of payment if you do decide to proceed.
Final thoughts
Thanks to the widespread adoption of HTTPS, the internet is a safer place than it was just a few years ago. This is in large part due to the not-for-profit Let’s Encrypt project, which started in 2015, and has now issued free HTTPS certificates to over 355 million websites.
By verifying the authenticity of websites through the use of properly configured SSL certificates, HTTPS helps ensure you don’t hand over your personal details (including payment details) to fraudsters and protects you from malware hosted on fraudulent websites.
If you see a Your connection is not private error when trying to visit a website, by all means try to resolve it at your end, but if you can’t, then the website is probably best simply avoided.