Skip to main content

How Do I Fix "Your Connection Is Not Private" on My Website?

Rachel is a marketing geek and passionate about SEO and anything where technology meets sales.

ERR_CERT_AUTHORITY_INVALID Error message on your website.

ERR_CERT_AUTHORITY_INVALID Error message on your website.

Help! My Customers Think My Website Is Malicious

A customer messages you saying they got an error message proclaiming "Attackers are Trying To Steal Your Information." It's something no website owner wants to hear. You visit the website and can't see the error message, or maybe you can if you're using an older computer.

There are many reasons why your web visitors may get this error message, but I'm going to focus on a very specific problem that was acknowledged by Let's Encrypt in September 2021 and is costing small business owners a fortune in lost online sales. The error message in question is ERR_CERT_DATE_INVALID or ERR_CERT_AUTHORITY_INVALID, which is shown in the picture above. If you can't see the error message then ask your customer for a screenshot if possible.

Another option is is to look at the SSL certificate associated with your website. Follow these steps to do so:

  1. Go to your website in Safari, Chrome or Firefox and look for the padlock just to the left of your web address.
  2. Click on the padlock and a drop-down menu will appear.
  3. Click on the item with a padlock "Your connection is secure" or...
  4. If the message says "Certificate is not valid" and says that the site is insecure in red then you're probably using an older computer with an outdated operating system. Either way, the next step is the same.
  5. Click on the Certificate option to "Show Certificate"
  6. A pop-up will appear showing the certificate with the nested layers of authentication. Most likely the Root Certificate will be named: DST Root CA X3 and if you open the details section at the bottom, then your SSL Cert will have been issued by Let's Encrypt (see screenshot).

What Comes Next?

If your certificate doesn't come from Let's Encrypt with a similar nesting structure then you have other problems and this article isn't what you're looking for. Perhaps you have mixed content links hidden in your website (i.e. http links to the insecure version of your website.) If that's the case then consult a web professional such as myself to find the leaks. Alternatively, it could be that your SSL certificate is out of date or your customer's computer clock is out of sync. There are many reasons why this might happen, but if your certificate looks like the one above then read on.

Hosting Companies and SSL Providers Didn't Have the Answer

I first encountered this problem whilst working on one of my client's websites, a Private GP Surgery near Canterbury in England, UK. They rang me and said that their website had been hacked and that I needed to look into it right away. Of course, I couldn't find anything.

Further investigation with the customer who reported the problem revealed that the problem was with their browser and that all website visitors using older operating systems were experiencing the same error message.

Scroll to Continue

Of course, the large majority of my client's customers were older, high net worth, individuals, and therefore they were more likely to be using older computers with out-of-date operating systems and browsers. Potential new customers were trying to visit their website but were told not to enter and diverted elsewhere. This was a marketing disaster that I absolutely had to solve for him.

I spoke to his hosting provider, JustHost, at length and the only solution that they would provide was a work around on the end customer's laptop, which wouldn't solve the problem that potential customers were being turned away at the virtual front door. There was one other alternative that they suggested, but that involved paying through the nose for a different SSL certificate. Given that they were already paying for the SSL certificate through their hosting plan, I didn't feel that this was good value for my customer.

I then contacted various SSL providers looking for an answer. Their solutions were similarly unsatisfactory. Fix the end-client browser, or obtain a very expensive SSL Certificate.

I was starting to come to the conclusion that free SSL certificates were going to become uneconomical for small business owners because of potential lost business. But I didn't give up!

The Solution to ERR_CERT_DATE_INVALID

Being told that a paid certificate would solve the problem gave me hope that I could find a free provider with a different Root Certificate that was compatible with older operating systems. So I set about checking all the SSL providers and their Root Authority and eventually discovered ZeroSSL, which acknowledged the problem and provided certificates trusted by older browsers and operating systems. They are partnered with all major ACME client integrations in order to ensure the largest possible level of compatibility. You can create 90-day SSL Certificates Free of Charge and set up automated renewals in a straightforward manner via their website.

After three days of troubleshooting, research and testing, my client was up and running with the highest level of compatibility. He was so happy with my service that he moved to my hosting and has reduced his costs by doing so.

ZeroSSL also added a cross-script that further reduced the chances of him getting zinged by "Attackers are trying to steal your information" messages.

I do hope you found this article helpful and if there's anything I can help you with, please get in touch!

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2022 Rachel Roodhardt

Related Articles