NET::ERR_CERT_INVALID on Netlify domain


I’m getting an invalid certificate error (NET::ERR_CERT_INVALID) on multiple browsers, devices, and locations and I cannot figure out for the life of me why. I’m using Netlify’s hosting and free domain, and haven’t touched any of the site or security settings. And checking the HTTPS status codes results in 200 (OK). You can also see my headers there. Domain is https://competent-keller-2bfca5.netlify.app/

Everything has worked fine until it didn’t. I tried on Chrome, Safari (not my default browser so no extensions or cache, etc) on my home network. My phone on my home network did work but I can’t do a hard refresh on the mobile browser. Now I’m on my workplace wifi, still getting the same error in Chrome and mobile browser, but not when using my mobile data. So it happens on multiple ISPs but not on mobile data.

After some time, some pages now work but others don’t - I think if I did a hard refresh they would stop working but I’m trying to keep access to the CMS :sweat_smile:

I’ve also checked all the forum posts and external resources I could and most were user error, unresolved, or using a custom domain.

Many thanks

Here are more of the error details (from Chrome on work wifi):

Subject: competent-keller-2bfca5.netlify.app
Issuer: Cisco Umbrella Secondary SubCA lon-SG
Expires on: 1 Oct 2021
Current date: 28 Sept 2021

Also saw that the error on my phone is slightly different: NET::ERR_CERT_AUTHORITY_INVALID but has the same details as above ^

Hi @TimTorres

Do you by chance have any local application or network settings that might be modifying the certificate? For example, Avast modifies the certificate with its own authority. In normal conditions, the certificate should look like this:

I’ve never seen reports of the default Netlify subdomain having a wrong SSL - because that’s what applies to all websites and if it stops working for one, it would most likely stop working for all.
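An added example, not part of the original thread and not Netlify's code: a small triage of the error details pasted earlier in the thread, checking whether the certificate the browser saw had actually expired and whether its issuer points at a product that re-signs TLS traffic. The function names and the `INSPECTION_HINTS` list are assumptions made for this sketch.

```python
from datetime import datetime

# Error details as pasted earlier in this thread (Chrome on the work wifi).
SAMPLE = """\
Subject: competent-keller-2bfca5.netlify.app
Issuer: Cisco Umbrella Secondary SubCA lon-SG
Expires on: 1 Oct 2021
Current date: 28 Sept 2021
"""

# Assumption: issuer substrings for the two products named in this thread.
# Extend the tuple for whatever inspection software your environment runs.
INSPECTION_HINTS = ("cisco umbrella", "avast")


def parse_details(text):
    """Turn 'Key: value' lines from the browser error page into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_date(value):
    """Parse '1 Oct 2021' and also '28 Sept 2021' (four-letter month)."""
    day, month, year = value.split()
    # %b expects English three-letter months under the default C locale.
    return datetime.strptime(f"{day} {month[:3]} {year}", "%d %b %Y").date()


def triage(text):
    """Classify the failure from the pasted details."""
    f = parse_details(text)
    issuer = f.get("issuer", "")
    expired = parse_date(f["current date"]) > parse_date(f["expires on"])
    inspected = any(hint in issuer.lower() for hint in INSPECTION_HINTS)
    if inspected:
        verdict = "certificate was issued by a TLS-inspecting product"
    elif expired:
        verdict = "certificate has expired"
    else:
        verdict = "unrecognised issuer: compare with the issuer seen on another network"
    return {"issuer": issuer, "expired": expired,
            "inspected": inspected, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the details in this thread the result shows a certificate that had not yet expired, with an issuer that matches an inspection product rather than the site's host.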

Hi @hrishikesh,

The issue has disappeared now so it’s difficult to troubleshoot, of course! Right now the certificate looks like what you’ve posted above.

Based on that though and the Issuer details I pasted above, I may have pinned down what it is. I have the Umbrella Roaming Client (AV from work) installed on this machine, and when I was experiencing the error on my phone I was on the work network. So that may be it, but I don’t know how to resolve. At least it’s not happening to anyone else.

If you do find anything do let us know. We would not want anyone to face this issue!

It looks like this was the cause of the issue: Old root certificate of Let’s Encrypt TLS certificates for custom domains has expired.

It says it affects older devices but further down someone mentioned it was also affecting enterprise services like Cisco Umbrella (mentioned in my post).

