Seeing a red warning screen in your browser instead of your WordPress website is alarming. When Google Chrome displays the NET::ERR_CERT_INVALID error, it blocks access to the page entirely. It tells visitors that the connection is not private and that their data could be at risk.
This error is more common than most website owners expect. It can appear after installing a new SSL certificate, switching hosting providers, or even after a routine update. Understanding what triggers it and how to fix it quickly is essential for keeping your site secure and accessible.
This guide covers the major causes and fixes for the NET::ERR_CERT_INVALID error on WordPress websites. Whether you are a site owner or developer, you will find step-by-step solutions that actually work.
NET::ERR_CERT_INVALID error in WordPress usually occurs when a website’s SSL certificate is expired, incorrectly configured, mismatched with the domain, or not properly recognized by the browser. Fixing it typically involves renewing the SSL certificate, correcting HTTPS settings, resolving certificate configuration issues, and clearing outdated browser or cache data.
Understanding the NET::ERR_CERT_INVALID SSL Certificate Error in Chrome
The net::err_cert_invalid error occurs when a web browser cannot verify the SSL/TLS certificate presented by a website. When you visit a site over HTTPS, your browser checks the certificate to confirm the site is legitimate and the connection is secure. If that check fails for any reason, the browser stops loading the page and displays this error.

Google Chrome is particularly strict about SSL validation. It will display this error message even when the issue is minor, such as a configuration gap or a missing certificate in the trust chain. The browser does this to protect users from insecure connections, potential eavesdropping, or man-in-the-middle attacks.
The error appears in the address bar and typically reads: “Your connection is not private” followed by the error code NET::ERR_CERT_INVALID. Users also sometimes see the message “potential security risk ahead,” depending on the browser.
The problem can be on either the user’s device or the website’s server. That distinction matters when troubleshooting, because the fix is completely different in each case.
How SSL Certificates Help Secure WordPress Websites?
An SSL (Secure Sockets Layer) certificate is a small data file that activates SSL encryption on a web server. It creates an encrypted link between the web server and the browser, ensuring that all data transmitted remains private.
SSL certificates encrypt data between websites and users. This means login credentials, payment information, and form submissions cannot be intercepted by third parties. Using SSL certificates prevents data interception and builds trust with your visitors.
For WordPress security, SSL is non-negotiable. Google marks all HTTP sites as “Not Secure.” A valid SSL certificate is also a confirmed ranking signal in Google Search. Without it, your site loses both credibility and organic visibility.
SSL certificates are issued by a trusted third party called a certificate authority (CA). When a browser visits your site, it verifies the certificate against a list of known, trusted CAs. If the certificate is valid, the connection proceeds securely. If not, the browser displays an error.
Difference Between NET::ERR_CERT_INVALID and Other SSL Errors
Several SSL-related errors can appear in Chrome, each pointing to a different underlying problem.
- NET::ERR_CERT_INVALID means the certificate itself is structurally invalid or cannot be verified. This includes domain mismatches, corrupted certificates, or certificates that fail chain validation.
- NET::ERR_CERT_AUTHORITY_INVALID (or net err_cert_authority_invalid error) indicates an unrecognized SSL certificate, meaning the certificate authority that issued it is not trusted by the browser. Self-signed certificates commonly trigger this. The net err_cert_authority_invalid error is closely related but specifically points to trust issues with the issuing authority.
- NET::ERR_CERT_DATE_INVALID means the certificate has expired or has a future start date that has not yet been reached.
Each error requires a different fix. Identifying the exact error code displayed in the browser is the first step before attempting any solution.
Need Help Fixing WordPress SSL Issues?
Get expert assistance to diagnose and resolve WordPress SSL errors, certificate issues, and website security configuration problems.
Why Does the NET::ERR_CERT_INVALID Error Occur on WordPress Websites?
There are many causes behind this particular error. Some originate on the server. Others stem from local device or browser settings. Here is a breakdown of the most common causes.

Expired or Invalid SSL Certificate on WordPress Website
SSL certificates typically expire every 90 days for free certificates (such as Let’s Encrypt) or every 1 to 2 years for paid certificates. When the expiration date passes, browsers immediately reject the certificate and show the error.
An expired certificate is one of the most common causes of this error. If your hosting provider manages auto-renewal, a failed renewal process can leave your site with an expired certificate without warning. Always monitor your SSL certificate’s expiration date and set up renewal alerts.
SSL Certificate Domain Name Mismatch Issues
Name mismatch occurs when the website’s address does not match the name on the certificate. For example, if your certificate covers www.example.com but a visitor accesses example.com (without www), The browser sees a mismatch and throws the error.
Domains may be listed incorrectly in the certificate, resulting in validation failure. This often happens when a wildcard certificate or multi-domain certificate is configured incorrectly during setup.
Incorrect SSL Certificate Installation or Configuration
A certificate that is not installed properly on the web server will fail validation. This includes uploading the wrong certificate files, skipping required configuration steps in cPanel or your hosting panel, or using a certificate generated for the wrong server.
If you recently reinstalled your SSL certificate or migrated your hosting, double-check that the certificate files are correctly placed and linked to your domain.
Missing Intermediate SSL Certificate Chain
SSL certificates work within a chain of trust. Your certificate must be linked back to a trusted root certificate authority through one or more intermediate certificates. If the intermediate certificate is missing from your server configuration, browsers cannot complete the chain validation and display the error.
The certificate authority that issued your certificate provides the intermediate bundle. It must be installed alongside your main certificate. Many server configurations omit this step, which is a frequent cause of the error.
Mixed Content Issues After Moving WordPress From HTTP to HTTPS
When you move WordPress from HTTP to HTTPS, some resources, images, scripts, or stylesheets may still load over HTTP. This creates a mixed content issue. While mixed content alone usually shows a browser warning rather than a full block, it can contribute to SSL validation failures in certain configurations.
Learning how to force HTTPS on WordPress is a critical step after SSL installation. If your WordPress site has lingering HTTP references in the database or theme files, they need to be updated.
WordPress URL Configuration Issues After SSL Installation
WordPress stores its site URL in the database. After SSL installation, if the siteurl and home values in the database still point to http:// instead of https://, WordPress may serve mixed or incorrect URLs. This can cause the browser to receive conflicting signals about the certificate, leading to the error.
This is one of the first settings to verify after enabling SSL on a WordPress site.
CDN, Hosting, or Firewall SSL Configuration Problems
If your WordPress site uses a CDN (Content Delivery Network) like Cloudflare, the CDN handles SSL termination between the browser and its edge servers. A mismatch between the CDN’s SSL mode and your origin server’s configuration can trigger certificate errors.
Similarly, a web server firewall or security plugin that intercepts HTTPS traffic may conflict with the certificate presented to the browser. Errors can occur if the website uses a certificate that the browser does not trust when it is filtered by a proxy or firewall.
A Cloudflare error code 522 is related but distinct; it indicates a connection timeout between Cloudflare and the origin server and can sometimes accompany SSL misconfigurations.
Browser Cache or Outdated SSL Information Causing Certificate Errors
Browsers store SSL certificate information in a local cache. If you recently renewed or replaced your certificate, the browser may still be reading the old, invalid cached version. This causes the error to persist even after the server certificate issue has been resolved.
A corrupt browser cache can interfere with the SSL handshake and cause errors. Clearing the SSL state and browser cache is often the fastest and easiest fix when the server-side configuration is confirmed to be correct.
How to Check What is Causing NET::ERR_CERT_INVALID Error in WordPress?
Before applying any fix, identify the exact source of the problem. Jumping straight to solutions without diagnosis wastes time and can introduce new issues.
Verify SSL Certificate Status and Details in Browser
When the error appears in Chrome, click the “Not Secure” or warning icon in the address bar. Chrome will display a brief message about the certificate. Click on “Certificate (Invalid)” or “Your connection is not private” to see the full certificate details.
This panel shows whether the certificate is expired, untrusted, or mismatched. It also tells you which certificate authority issued it and the domain it covers.
Check SSL Certificate Expiry Date, Domain, and Issuer Information
Inside the certificate viewer, look for three key fields:
- Valid From/Valid To: Check the expiration dates. If today’s date is past the “Valid To” date, the certificate has expired.
- Issued To: Confirm this matches your website’s domain exactly, including whether it covers the
wwwversion. - Issued By: Confirm the issuing certificate authority is a trusted CA (such as Let’s Encrypt, DigiCert, or Comodo). If it shows your own domain or server name, you may have a self-signed certificate.
Test SSL Configuration Using Online SSL Checker Tools
Free tools like SSL Labs (ssllabs.com/ssltest) let you run a full SSL analysis on your domain. These tools check the validity of your certificate, the completeness of its chain, protocol support, and configuration. They grade your SSL setup and flag specific problems.
Running a check here is the most reliable way to confirm whether the issue is a missing intermediate certificate, a weak cipher suite, or a misconfiguration on your web server.
Identify Whether the Issue is From WordPress, Hosting, or Browser Settings
To isolate the source of the error:
- Open the site in an incognito window. If it loads correctly, a browser extension may be causing the issue. Opening a site in incognito mode can help determine if extensions are causing SSL problems.
- Try opening the page in different browsers (Firefox, Edge, Safari). If the error appears in all major browsers, the problem is on the server. If it only appears in Chrome, it may be a local browser issue.
- Ask another person on a different network to check the site. If they see the site fine, the issue may be related to your local network, VPN, or antivirus software.
- Check if WordPress maintenance tasks, such as a recent plugin update, coincided with the error first appearing.
Methods to Fix NET::ERR_CERT_INVALID Error in WordPress
Once you know the cause, apply the matching fix. Work through the relevant steps in order.

Renew or Replace the Expired SSL Certificate
If the certificate has expired, renew it immediately through your hosting provider’s control panel. Most hosting dashboards (cPanel, Plesk, Kinsta, WP Engine) include an SSL manager that lets you renew or install a new certificate with a few clicks.
For Let’s Encrypt certificates, the renewal is often automatic. If auto-renewal failed, you can manually trigger it from the SSL/TLS section in cPanel or via the command line using Certbot.
After renewal, clear your browser’s SSL state and reload the page to confirm the new certificate is being served. The new certificate should show an updated expiration date in the browser’s certificate viewer. WordPress security updates should always include a check of your SSL status.
Reinstall and Configure the SSL Certificate Correctly
If the certificate is current but still throwing errors, the installation itself may be incorrect. Go to your hosting control panel and remove the existing certificate. Then reinstall it by uploading the correct certificate file, private key, and CA bundle.
Ensure the certificate was issued for your specific domain. If you recently migrated your site to a new server, the certificate from the old server will not be valid on the new one. You need a new certificate issued for the domain pointing to the new server.
Fix SSL Certificate Domain and Intermediate Issues
For domain mismatch errors, confirm that your certificate covers all versions of your domain. If your certificate only covers example.com, add a Subject Alternative Name (SAN) for www.example.com, or use a wildcard certificate (*.example.com).
For missing intermediate certificate issues, download the CA bundle from your certificate authority’s website and upload it to your server in the SSL configuration alongside your main certificate. The SSL Labs test mentioned earlier will indicate whether the chain is incomplete.
Update WordPress URLs From HTTP to HTTPS
Log in to your WordPress dashboard and go to Settings > General. Update both the WordPress Address (URL) and Site Address (URL) fields http:// to https://. Save the changes.
If you cannot access the dashboard due to the error, update these values directly in the database via phpMyAdmin. Find the wp_options table and update the siteurl and home rows to use HTTPS.
After updating the URLs, you should also update WordPress themes and plugins to ensure they use HTTPS URLs.
Fix Mixed Content Errors After Enabling SSL
After switching to HTTPS, use a plugin such as Better Search Replace or the SSL Insecure Content Fixer to scan and update HTTP references in the database. This replaces http://yourdomain.com with https://yourdomain.com across all posts, pages, and settings.
You should also edit your theme functions.php or use an .htaccess redirect to force all traffic to HTTPS. This ensures users and search engines always access the secure version of your site. Implementing solid WordPress website hardening practices includes eliminating all mixed content.
Clear WordPress Cache and Browser SSL Cache
Caching plugins can serve outdated HTTP content even after SSL is properly configured. Clear the cache in plugins like WP Rocket, W3 Total Cache, or LiteSpeed Cache from the WordPress dashboard.
For the browser SSL state, follow these steps in Chrome:
- Go to Settings → Privacy and Security → Security
- Scroll down and click Manage Certificates
- On Windows, this opens the Certificate Manager under the Control Panel. On Mac, open the Keychain Access app via the Apple menu.
- Delete any outdated or invalid certificates for your domain.
Alternatively, in Chrome’s address bar, type chrome://net-internals/#hsts and use the Delete domain security policies section to clear stored HSTS data for your domain. After clearing the SSL state, restart Chrome and revisit the site.
Disable WordPress Plugins Causing SSL Conflicts
Some security, firewall, or caching plugins can interfere with SSL verification. To test whether a plugin is causing the issue, deactivate all plugins via Plugins → Installed Plugins in the WordPress dashboard, then reload the site.
If the error disappears, reactivate plugins one at a time to identify the culprit. WordPress security plugins that include SSL inspection or firewall features are common sources of conflicts when misconfigured.
Once you find the problem plugin, check its settings for SSL-related options, update it to the latest version, or contact the plugin developer for support.
Check and Update CDN or Hosting SSL Settings
If you use Cloudflare or another CDN, verify the SSL/TLS encryption mode in the CDN dashboard. Cloudflare offers four modes: Off, Flexible, Full, and Full (Strict).
- Flexible: CDN-to-browser traffic is HTTPS, but CDN-to-origin-server traffic is HTTP. This can cause redirect loops and errors.
- Full: CDN to origin is HTTPS, but the origin certificate does not need to be valid.
- Full (Strict): Both connections must be HTTPS with a valid certificate.
Set the mode to Full (Strict) when your origin server has a valid SSL certificate installed. Using the wrong mode is a common but easy fix for persistent SSL errors on sites running behind a CDN.
For top cloud web hosting providers, check their documentation for server-level SSL settings that may need manual configuration.
Correct Server Date and Time Configuration
Incorrect date and time settings can trigger SSL errors. SSL certificates are valid only within a specific date range. If your server’s clock is even a few minutes off, it can fail certificate validation.

On your server, ensure NTP (Network Time Protocol) is enabled to keep the time synchronized automatically. The correct time zone is also important. Check your server’s time zone in the hosting control panel, and confirm it is set correctly.
For local device issues, an incorrect date on your computer can cause a valid certificate to appear expired or not yet valid. On Windows, right-click the clock in the taskbar and select Adjust date/time.
On Mac, go to System Preferences via the Apple menu and open Date and Time. Enable “Set date and time automatically,” then confirm the correct time zone is selected.
Update Browser and Operating System Certificate Settings
Outdated browsers may not trust SSL certificates issued by newer certificate authorities. Update Google Chrome to the latest version by going to Help → About Google Chrome. Chrome will check for and apply updates automatically. Keeping your browser current ensures its built-in CA trust store is up to date.
Your operating system also maintains a certificate trust store. On Windows, updates to the root certificate program are distributed via Windows Update. On macOS, they come through system updates. If your OS is significantly outdated, it may be missing trust entries for newer CAs.
Running the latest OS updates resolves many persistent SSL errors that appear only on specific devices. This is particularly relevant when major browsers work fine for other users but show errors on your machine. Performing a WordPress security audit on your site also flags outdated configurations that may contribute to SSL problems.
Temporarily Disable Antivirus or Firewall SSL Inspection
Antivirus software and firewalls can interfere with SSL verification. Many security suites include a feature called SSL inspection or HTTPS scanning. This feature intercepts HTTPS traffic and re-signs it with the antivirus software’s own certificate. If your browser does not trust that certificate, it displays the error.
To test whether your antivirus software is causing the issue, temporarily disable HTTPS scanning in the antivirus settings. Common options appear under names like “Web Shield,” “HTTPS Filtering,” or “SSL Scanning,” depending on the product.
If the error disappears after disabling this feature, re-enable it and look for an option to add your site as a trusted exception. This ensures the antivirus does not intercept SSL traffic for domains you trust.
Using a public network, such as a shared Wi-Fi connection at a café or airport, can also cause SSL certificate errors. Public networks often use proxies or redirect HTTPS traffic in ways that break certificate validation. Test your site on a private network or mobile data to rule this out.
Conclusion: Fix NET::ERR_CERT_INVALID Error
The NET::ERR_CERT_INVALID error in WordPress is almost always fixable once you know the root cause. Start by checking the certificate details in Chrome, running an SSL test, and identifying whether the problem is server-side, browser-side, or device-side.
The most common fixes include renewing an expired certificate, correcting a domain mismatch, installing the full certificate chain, updating WordPress URLs to HTTPS, and clearing the browser’s SSL state. For CDN-related issues, setting the correct SSL mode in Cloudflare resolves most conflicts quickly.
Proactive SSL management prevents this error from recurring. Monitor your certificate’s expiration date, automate renewals where possible, and include SSL checks in your regular WordPress website management routine.
If the error persists after working through these steps, the issue may require a deeper WordPress security checklist review or assistance from your hosting provider. A systematic approach, checking each potential cause one at a time, will get your site back online securely and quickly.
FAQs About Fixing NET::ERR_CERT_INVALID Error
What causes the NET::ERR_CERT_INVALID error in WordPress?
NET::ERR_CERT_INVALID error usually appears when the SSL certificate is expired, incorrectly installed, does not match the domain, or contains configuration issues. Browser cache and HTTPS settings can also cause this error.
How do I fix the NET::ERR_CERT_INVALID error in WordPress?
You can fix this error by renewing the SSL certificate, reinstalling SSL correctly, updating WordPress URLs to HTTPS, resolving mixed content issues, and checking the SSL settings on your hosting or CDN.
Can an expired SSL certificate cause the NET::ERR_CERT_INVALID error?
Yes. An expired SSL certificate prevents browsers from verifying website security and can trigger the NET::ERR_CERT_INVALID error message.
Why does my WordPress site show NET::ERR_CERT_INVALID after installing SSL?
This can happen due to incorrect SSL configuration, missing certificate chain files, domain mismatch, mixed content, or cached SSL information stored by the browser.
Does changing WordPress from HTTP to HTTPS fix the NET::ERR_CERT_INVALID error?
Updating WordPress URLs to HTTPS can fix some SSL-related issues, but the error may continue if the SSL certificate is invalid, expired, or incorrectly configured on the server.


