Your connection is not private - Rocketeers app [ Rocketeers ](/) [Login](https://rocketeersapp.com/login) On this page Knowledge --------- Your connection is not private ============================== ### [\#Errors](https://rocketeersapp.com/knowledge/errors) This browser warning means the SSL certificate could not be validated. As a site owner it usually points at an expired certificate, a missing chain, or a domain mismatch you can fix on the server. Published by [Mark van Eijk](https://rocketeersapp.com/author/mark-van-eijk) on June 23, 2026 · 1 minute read 1. [About the error](#content-about-the-error) 2. [Why do I see this error](#content-why-do-i-see-this-error) 3. [Solution](#content-solution) 4. [Renew an expired certificate](#content-renew-an-expired-certificate) 5. [Cover every domain the site answers on](#content-cover-every-domain-the-site-answers-on) 6. [Serve the full chain](#content-serve-the-full-chain) [\#](#content-about-the-error "Permalink")About the error --------------------------------------------------------- Chrome shows a full-page "Your connection is not private" warning with a code such as `NET::ERR_CERT_*`. The browser couldn't validate the site's SSL certificate, so it blocks access to protect the visitor. If it's your own site, it means visitors are being turned away, so it's worth fixing fast. [\#](#content-why-do-i-see-this-error "Permalink")Why do I see this error ------------------------------------------------------------------------- The specific code under the warning tells you which problem it is: - **`NET::ERR_CERT_DATE_INVALID`** the certificate has expired (the most common). - **`NET::ERR_CERT_AUTHORITY_INVALID`** untrusted issuer or missing chain, see [NET::ERR\_CERT\_AUTHORITY\_INVALID](/net-err-cert-authority-invalid). - **`NET::ERR_CERT_COMMON_NAME_INVALID`** the certificate doesn't cover the domain being visited (e.g. `www` missing). - A wrong **system clock** on the visitor's device (the one cause that isn't your fault). [\#](#content-solution "Permalink")Solution ------------------------------------------- ### [\#](#content-renew-an-expired-certificate "Permalink")Renew an expired certificate Expiry is the number one cause. With Certbot, renew and make sure auto-renewal is active so it never lapses again: ``` sudo certbot renew sudo systemctl reload nginx ``` Check the expiry date directly: ``` echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates ``` ### [\#](#content-cover-every-domain-the-site-answers-on "Permalink")Cover every domain the site answers on A `COMMON_NAME_INVALID` error means the certificate is missing a name. Issue it for both the apex and `www` (and any subdomains you serve): ``` sudo certbot --nginx -d example.com -d www.example.com ``` ### [\#](#content-serve-the-full-chain "Permalink")Serve the full chain If the code is `AUTHORITY_INVALID`, point nginx at `fullchain.pem`, not the leaf-only `cert.pem`, so the browser can build the trust chain: ``` ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ``` Then validate and reload: ``` nginx -t && systemctl reload nginx ``` For the underlying TLS negotiation failures behind these warnings, see [SSL handshake failed in nginx](/ssl-handshake-failed-nginx), and for a hardened setup, [an A+ grade SSL using Cloudflare](/a-plus-grade-ssl-using-cloudflare). ### Subscribe to our newsletter Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now! Fill in your email address to receive updates Subscribe #### More in [\#Errors](https://rocketeersapp.com/knowledge/errors) - [Error in the HTTP2 framing layer](https://rocketeersapp.com/knowledge/error-in-the-http2-framing-layer) - [413 Request Entity Too Large in nginx](https://rocketeersapp.com/knowledge/413-request-entity-too-large) - [403 Forbidden in nginx](https://rocketeersapp.com/knowledge/403-forbidden-nginx) - [ERR\_TOO\_MANY\_REDIRECTS (redirect loop)](https://rocketeersapp.com/knowledge/err-too-many-redirects) - [CORS error: No Access-Control-Allow-Origin header](https://rocketeersapp.com/knowledge/cors-error-no-access-control-allow-origin) - [curl (60) SSL certificate problem: unable to get local issuer certificate](https://rocketeersapp.com/knowledge/curl-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate) [View all 11 articles →](https://rocketeersapp.com/knowledge/errors)