How to Fix Your Connection is Not Private Error

kinsta works with thousands of different wordpress sites on a daily basis, so when it comes to different types of errors, we’ve pretty much seen it all. from database connection errors to white screen of death, err_cache_miss and browser/tls related issues.

Some of these for the everyday wordpress user can be downright frustrating and even scary at times. Depending on the type of error, it could also mean downtime for your website, which means you’re losing money. or it may be that your computer’s browser needs to be repaired.

Today we’re going to dig into the “your connection is not private” error and walk you through a few ways to get things working again. Read more below about what causes this error and what you can do to avoid it in the future.

watch our video guide to fix your connection is not private error

what is the error your connection is not private?

“Your connection is not private” error only applies to sites that run over https (or should run over https). When you visit a website, your browser sends a request to the server where the site is hosted. the browser then has to validate the certificate installed on the site to make sure it meets current privacy standards. Other things that also happen include the tls handshake, the certificate being compared to the certificate authority, and the decryption of the certificate.

If the browser finds that the certificate is invalid, it will automatically try to prevent you from accessing the site. this feature is built into web browsers to protect the user. if the certificate is not configured correctly, this means that the data cannot be encrypted correctly and therefore it is not safe to visit the site (especially those with logins or processing payment information). instead of loading the site, it will display an error message, such as “your connection is not private”.

your connection is not private error variations

There are quite a few different variations of this error depending on the web browser you are using, the operating system, and even the certificate settings on the servers. And while some of these errors sometimes mean slightly different things, many times the troubleshooting steps are the same.

your connection is not private in google chrome

In google chrome, if there is a problem validating the certificate, the error will be displayed as “your connection is not private” (as seen below).

Attackers could be trying to steal your domain.com information (for example, passwords, messages, or credit cards).

This is also accompanied by an error code message which helps to try and pinpoint the exact issue. Below are just a couple of the most common error codes you might see in Google Chrome:

• err_cert_symantec_legacy
• net::err_cert_authority_invalid
• net::err_cert_common_name_invalid (this occurs when the certificate does not match the domain)
• net: :err_cert_weak_signature_algorithm
• net::err_certificate_transparency_required
• net::err_cert_date_invalid
• err_ssl_protocol_error
• err_ssl_version_or_cipher_mismatch

your connection is not secure in mozilla firefox

in mozilla firefox the error message is slightly different and instead of “your connection is not private” you will see “your connection is not secure” (as seen below).

The owner of domain.com has configured your website incorrectly. To protect your information from theft, Firefox has not connected to this website.

Just like in Chrome, it’s accompanied by an error code message which helps to try and pinpoint the problem. Below are just a couple of the most common error codes you might see in Mozilla Firefox:

• mozilla_pkix_error_additional_policy_constraint_failed
• sec_error_expired_issuer_certificate
• sec_error_expired_certificate
• sec_error_unknown_issuer
• mozilla_pkix_error_mitm_detected
• error_self_signed_cert
• ssl_error_bad_cert_domain

your connection is not private on microsoft edge

on microsoft edge, you will also see the error “your connection is not private”.

Attackers could be trying to steal your domain.com information (for example, passwords, messages, or credit cards).

These are also accompanied by an error code message. Below are just a couple of the most common error codes:

• net::err_cert_common_name_invalid (this occurs when the certificate does not match the domain)
• error code: 0
• dlg_flags_invalid_ca
• dlg_flags_sec_cert_cn_invalid

this connection is not private on safari

in safari, you will see the error “your connection is not private”.

This website may impersonate “domain.com” to steal your personal or financial information. you should return to the previous page.

How To Fix the Your Connection Is Not Private Error

Sometimes you may not even know where to start if you see an error that says “your connections are not private”. In our experience, these errors are usually caused by two things: the first is a client-side problem (your browser, computer, operating system), and the second is that there is a problem with the certificate on the website (expired, bad domain, not trusted by the organization). so we’ll dive into a bit of both.

here are some recommendations and things to check to fix the error (ordered by the most common reasons we see):

1. try to reload the page

this may seem a bit obvious to some, but one of the easiest first things to try when you encounter a “your connection is not private” error is to simply close and reopen your browser and try to load the page again. . it could be that the website owner is reissuing your ssl certificate or something is out of whack in your browser.

2. proceed manually (unsafe)

Your second option is to simply proceed manually. however, we never recommend doing this unless you fully understand that nothing will be encrypted if you continue. If you are going to enter login credentials or enter payment details, please skip to the next steps below.

We only include this option so we can explain all the ramifications of doing so. Seeing this error could mean that someone is trying to trick you or steal any information you submit to the server, and you should usually close the site immediately. it is also possible that the website has been compromised and there is a malicious redirect. if you are in a public place, never try to bypass this screen.

If you still want to continue, there is usually a “continue with domain.com” link you can click at the bottom of the error screen. depending on the browser, this is sometimes hidden under the “advanced” option. note: if the website uses hsts (http strict transport security), this option will not be available, as it means they have implemented an http header that never allows non-https connections.

3. Are You in a Cafe or Airport?

this may sound strange, but cafes ☕ and airport wi-fi networks tend to be one of the most popular places where users see the “your connection is not private” error. why? because a lot of them aren’t running everything over https yet, or if they are, it’s not configured correctly. this generally refers to the portal screen where you must accept the terms and agreement to log in. If you are trying to connect to an https (secure) site before agreeing to the portal terms, you might get this error. here are some simple steps to avoid it.

1. connect to the coffee shop or airport wi-fi.
2. navigate to a non-https site, such as http://www.weather. com .
3. The login page should then open. you can accept the terms and then login. due to the fact that terms usually consist of just a checkbox, you shouldn’t worry too much if you’re not running on https. once connected, you can browse sites over https. tip: if you can’t open the login page, you can also try typing 1.1.1.1 in your browser (source).

remember, anytime you use a public wifi network, a vpn can help protect you even more by hiding your traffic. here are a couple of the more popular ones you might want to check out:

• private internet access
• tunnelbear
• nordvpn

4. check your computer clock

Another very common reason you might see the “your connection is not private” error is that your computer’s clock is not working. browsers depend on them synchronizing correctly to verify the ssl certificate. This can easily happen if you just bought a new computer, especially laptops with Wi-Fi for the first time. they don’t always sync automatically after your first login. Below are the steps to update the time on your computer. note: this can also happen on mobile devices.

windows

1. Right-click the time in the bottom right-hand task tray.
2. Select “Adjust date/time.”
   

   

3. Select “Set time automatically” and optionally “Set time zone automatically.” This will update according to one of Microsoft’s NTP servers. Double check the time in the bottom right-hand task tray to make sure it’s correct. If not, you can click on the “Change” button to manually select a time zone.
   

   

4. Close your browser and re-open it. Then try revisiting the website.

mac

1. from the apple menu, click on “system preferences”
2. click on the date & time icon if the padlock appears at the bottom of the window, you may need to click it and enter your admin username and password.
3. select “set date & time automatically.” this will update according to one of apple’s ntp servers.
4. select the time zone tab. if it doesn’t determine your location automatically, just uncheck it so you can set it manually. on the map, select your time zone, region, and city.
5. close your browser and reopen it. then visit the website again.

5. try incognito mode

Our next recommendation would normally be to clear your browser’s cache. however, for many of us this is easier said than done. 😉 if you want to check if it can be your browser cache, without clearing your cache, you can always open your browser in incognito mode. or try a different browser and see if you still see the “your connection is not private” error. Don’t rule out chrome extensions either. but this will help you test it.

In Mozilla Firefox Incognito mode is referred to as “New private window.” In Microsoft Edge, it’s referred to as “New InPrivate Window.”

6. clear browser cache and cookies

If you think it might be your browser, clearing the browser cache is always a good troubleshooting step before delving into troubleshooting. below you will find instructions on how to do it in different browsers:

• how to force a single page refresh for all browsers
• how to clear browser cache for google chrome
• how to clear browser cache for mozilla firefox
• how to clear browser cache for safari
• how to clear browser cache for internet explorer
• how to clear browser cache for microsoft edge
• how to clear browser cache for opera

watch video guide to clear browser cache

7. try clearing the ssl state on your computer

Clearing the ssl state in chrome is often overlooked, but can be very useful and is easy to test. Just like clearing your browser cache, this can help if things are out of sync. To clear the ssl state in chrome on windows, follow these steps:

1. click the google chrome – settings icon and then click settings.
2. click show advanced settings.
3. under network, click Click change proxy settings. the internet properties dialog box appears.
4. click the content tab.
5. click “clear ssl status” and then click ok.
6. restart chrome.

If you are on a Mac, see these instructions on how to delete an SSL certificate.

8. change dns servers

The next thing you can try is to change your dns servers. in fact we have seen the “your connection is not private” error occur before when using google public dns (8.8.8.8 and 8.8.4.4) or cloudflare dns (1.1.1.1 and 1.0.0.1). removing this and going back to your isp’s dns servers can sometimes fix dns errors. google and cloudflare are not perfect 100% of the time and we do have issues from time to time.

To do this on windows, go to your network connection properties and make sure “obtain dns server address automatically” is selected. if you added google public dns or cloudflare dns to your router, you may need to remove it from there as well.

9. Disable VPN and Antivirus Temporarily

Sometimes vpns and antivirus software can conflict with or override your network settings, including blocking certain ssl certificates or connections. if you have any running, try temporarily disabling (closing) them or turning off their “ssl scanning” feature to see if it resolves the “your connection is not private” error in chrome.

10. make sure the certificate has not expired

ssl certificates expiring without the website owner’s knowledge happens all the time. in fact, much more than you think. even fortune 500 companies! we were able to find this tweet below in a matter of seconds. no big deal, just huntington bank forgot to renew their ssl certificate. 😨

@huntington_bank it looks like the ssl certificate on your site to log into my account has expired. google chrome gives me a warning every time and does not allow me to login. please help.

– jonathon kay (@jonathonkay29) August 13, 2018

This usually happens due to the following reasons:

• The website owner does not have auto-renew enabled with the domain registrar or ssl certificate provider.
• Auto-renew is enabled. enabled but the payment fails because the user forgot to update their payment method. users typically change credit cards more often than they access their domain registrar’s panel throughout the year.
• website owner uses a free certificate from let’s encrypt that expires every 90 days and they don’t have a script to renew it, or they forget. At Kinsta, we’ve automated this process so you never have to worry about your free SSL certificates expiring.

this results in an attached error code: net::err_cert_date_invalid.

You can easily check a certificate’s expiration date by opening up Chrome DevTools while you’re on the site. Click on the security tab and click on “View certificate.” The “Valid from” dates will show in the certificate information.

Another quick and easy way to access a site’s SSL certificate information in Chrome is to click on the padlock in the address bar. Then click on “Certificate.”

11. Check Subject Alternative Domain

each certificate has what they call the subject alternative name. this includes all domain name variations for which the certificate is issued and for which it is valid. It’s important to note that https://domain.com and https://www.domain.com are treated as two separate domains (like a subdomain).

If you’re seeing an accompanying error code such as SSL_ERROR_BAD_CERT_DOMAIN, it could be that a certificate is not registered properly on both variations of the domain. This is less common nowadays as sites usually have HTTPS redirects in place. At Kinsta you can generate your free HTTPS certificate for both www and non-www.

This could also happen if you just changed domain names. For example, perhaps you just acquired that shiny new .com address and moved from your old domain. If you forget to install an SSL certificate on your new domain, then a NET::ERR_CERT_COMMON_NAME_INVALID error will most likely occur.

12. is the certificate sha-1?

sha-1 is a cryptographic hash algorithm that was once commonly used by ssl certificates on the web. however, sha-1 has shown signs of weakness and is therefore no longer supported by any current browser. if a website still uses a certificate with this old algorithm, you will get the error “your connection is not private”.

• google chrome removed support for sha-1 in chrome 56 (Jan 2017)
• mozilla firefox announced deprecation of sha-1 in firefox 51 (Feb 2017)
• microsoft announced the blocking of sha-1 signed tls certificates (January 2017)

most certificates now use sha-256 hash algorithms. this can be found in the “details” tab when inspecting a certificate on a website.

13. Is the Certificate Issued by Symantec?

In January 2017, the public became aware of some bad practices on the part of Symantec in regards to how they issued certificates. Essentially, they did not meet the industry standard browser/ca forum baseline requirements. it also turned out that they had been aware of this for some time. Because of this, browsers decided to stop supporting Symantec-issued certificates. If a website is still using a certificate issued by them, you may get the error “Your connection is not private”.

The timeline for this is still being implemented:

• google chrome symantec timeline
• mozilla firefox symantec timeline
• most likely microsoft will do the same, though they haven’t done one yet official statement.

Using a symantec certificate may result in the accompanying error code: net::err_cert_symantec_legacy.

14. Run an SSL Server Test

If you’re not sure if everything is set up correctly on your website or someone else’s, you can always run an ssl server test. ssl/tls certificates require not only your main certificate, but also what they call intermediate (chain) certificates to be installed. if you don’t have them set up correctly, visitors may get a warning in their browsers, which in turn could scare them away. and depending on the browser and version, you may or may not see this warning if your certificate is configured incorrectly.

We recommend using the free ssl checker tool from qualys ssl labs. it is very reliable and we use it for all kinsta clients when verifying certificates. simply go to your ssl verification tool, enter your domain in the hostname field and click “submit”. you can also select the option to hide public results if you prefer. The scan may take a minute or two, but it will show you all the details about a site’s ssl/tls configuration.

Check out our in-depth tutorial on a couple things to check for when running an SSL test.

We’ve taken our knowledge of effective large-scale website management and turned it into an ebook and video course. Click here to download the 2022 guide to managing 60+ wordpress sites!

15. update your operating system

Older operating systems become obsolete with newer technologies like tls 1.3 and newer cipher suites as browsers stop supporting them. specific components in the latest ssl certificates will simply stop working. google chrome actually took windows xp offline in 2015. we always recommend upgrading to newer operating systems if possible, like windows 10 or the latest version of mac os x.

make sure your device is up to date on windows, mac or other operating system.

16. restart your computer

We know it’s annoying, but we have to mention it. 😬 if none of the above works, please try restarting your computer and even your router. We realize that many of you probably have hundreds of tabs or applications open and that is why we made this one of the last options. but rebooting devices actually removes a lot of temporary cache and hiccups.

17. ask for help

Still seeing the error “Your connection is not private”? don’t be afraid to reach out and ask for help. if you see this on your own wordpress site feel free to open a ticket with our kinsta support team. we can help you determine why this might be happening and if it really is a problem on your website.

the google chrome help forums can also be especially helpful. you can guarantee that there are users who already experienced the same error and are ready to help.

18. disable chrome ssl certificate verification

You can also disable chrome’s ssl certificate verification. however, we cannot stress enough, this is for testing and development purposes only. never use the following options unless you know exactly what you’re doing.

allow invalid localhost certificates

If you’re testing locally, you may be able to use the chrome flag to simply allow non-secure connections from localhost. in chrome go to: chrome://flags/. search for “insecure” and you should see the option “allow invalid certificates for resources loaded from localhost”. enable that option and restart your browser.

Disable Chrome Checking All SSL Certificates

You can tell chrome to ignore all ssl certificate errors by passing the following on the command line at startup. if you are on windows just right click on launcher properties. then add -ignore-certificate-errors in the target field. then restart chrome.

Summary

Browser errors are never fun and can sometimes be difficult to fix. hopefully one of the tips above will help you resolve the “your connection is not private” error as quickly as possible. remember, these are usually caused by something misconfigured on your own computer or with the certificate on the website itself.

was there something we missed? maybe you have another tip to fix the connection error. if so, let us know below in the comments.