Seite wählen

https://kinsta.com/blog/your-connection-is-not-private/

Kinsta works with thousands of different WordPress sites on a daily basis, so when it comes to different types of errors, we’ve pretty much seen it all. From database connection errors to the white screen of death, and browser/TLS related issues. Some of these for the everyday WordPress user can be downright frustrating and even scary at times. Depending on the type of error it could also mean downtime for your website, which means you’re losing money. Or it might just be that the browser on your computer needs fixing.

Today we’re going to dive into the “your connection is not private” error and walk you through some ways to get things working again. Read more below about what causes this error and what you can do to prevent it in the future.

What is the Your Connection is Not Private Error?

The “your connection is not private” error only pertains to sites that are running over HTTPS (or should be running over HTTPS). When you visit a website, your browser sends a request to the server where the site is hosted. The browser then has to validate the certificate installed on the site to ensure it is up to current privacy standards. Other things that also take place include the TLS handshake, the certificate being checked against the certificate authority, and decryption of the certificate.

If the browser finds that the certificate isn’t valid, it will automatically try to prevent you from reaching the site. This feature is built into web browsers to protect the user. If the certificate isn’t set up correctly, this means data can’t be encrypted properly and therefore the site is unsafe to visit (especially those with logins or that process payment information). Instead of loading the site, it will deliver an error message, such as “your connection is not private.”

Your Connection is Not Private Error Variations

There are a quite a few different variations of this error depending upon which web browser you’re using, operating system, and even the configuration of the certificate on the servers. And while some of these errors sometimes mean slightly different things, a lot of times the troubleshooting steps are the same.

Google Chrome

In Google Chrome if there is an issue validating the certificate the error will show as “your connection is not private” (as seen below).

Attackers might be trying to steal your information from domain.com (for example, passwords, messages, or credit cards).

Your connection is not private error in Chrome

Your connection is not private error in Chrome

This is also accompanied by an error code message which helps to try and pinpoint the exact issue. Below are just a couple of the most common error codes you might see in Google Chrome:

  • ERR_CERT_SYMANTEC_LEGACY
  • NET::ERR_CERT_AUTHORITY_INVALID
  • ERR_CERT_COMMON_NAME_INVALID
  • NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
  • ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
  • NET::ERR_CERT_DATE_INVALID
  • SSL certificate error
  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Mozilla Firefox

In Mozilla Firefox the error message varies slightly, and instead of “your connection is not private” you’ll see “your connection is not secure” (as seen below).

The owner of domain.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Your connection is not secure warning in Firefox

Your connection is not secure warning in Firefox (Image source: Firefox Help)

Just like in Chrome, it’s accompanied by an error code message which helps to try and pinpoint the problem. Below are just a couple of the most common error codes you might see in Mozilla Firefox:

  • MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
  • SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
  • SEC_ERROR_EXPIRED_CERTIFICATE
  • SEC_ERROR_UNKNOWN_ISSUER
  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • ERROR_SELF_SIGNED_CERT
  • SSL_ERROR_BAD_CERT_DOMAIN

Microsoft Edge

In Microsoft Edge, you will also see the error as “your connection is not secure.”

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

These are also accompanied by an error code message. Below are just a couple of the most common error codes:

  • Error Code: 0
  • DLG_FLAGS_INVALID_CA
  • DLG_FLAGS_SEC_CERT_CN_INVALID

How to Fix the Your Connection is Not Private Error

Sometimes you might not even know where to begin if you’re seeing a “your connections is not private” error. From our experience, these errors typically originate from two things: the first is a client-side issue (your browser, computer, OS), and the second is that there is an actual problem with the certificate on the website (expired, wrong domain, not trusted by the organization). So we’ll dive into a little of both.

Here are some recommendations and things to check to fix the error (sorted in order by most common reasons we see):

  1. Try Reloading the Page
  2. Manually Proceed (Unsafe)
  3. Are You in a Cafe or Airport?
  4. Check Your Computer’s Clock
  5. Try in Incognito Mode
  6. Clear Browser Cache and Cookies
  7. Try Clearing the SSL State on Your Computer
  8. Disable VPN and Antivirus Temporarily
  9. Make Sure the Certificate Hasn’t Expired
  10. Check Subject Alternative Domain
  11. Is the Certificate SHA-1?
  12. Is the Certificate Issued by Symantec?
  13. Run an SSL Server Test
  14. Update Your Operating System
  15. Reach out for Help
  16. Restart Your Computer

1. Try Reloading the Page

This might seem a little obvious to some, but one of the easiest and first things you should try when encountering a “your connection is not private” error is to simply close and re-open your browser and try loading the page again. It could be that the website owner is currently reissuing their SSL certificate or something was out of whack in your browser.

2. Manually Proceed (Unsafe)

Your second option is to simply manually proceed. However, we don’t ever recommend doing this unless you fully understand that nothing will be encrypted if you proceed. If you’re going to be entering in login credentials or entering payment details, by all means, skip to the next steps below.

We only include this option so we can explain the full ramifications of doing this. Seeing this error could very well mean that someone’s trying to fool you or steal any info you send to the server and you should typically close the site immediately. It is also possible that the website has been compromised and there is a malicious redirection. If you’re in a public place, never try to bypass this screen.

If you still want to proceed, there is usually a “Proceed to domain.com” link you can click at the bottom of the error screen. Depending on the browser this is sometimes hidden under the “Advanced” option. Note: If the website is using HSTS (HTTP Strict Transport Security) this option won’t be available as it means they have implemented an HTTP header which never allows non-HTTPS connections.

Connection error proceed anyways

Connection error proceed anyways

3. Are You in a Cafe or Airport?

This might sound odd, but cafes ☕ and airport Wi-Fi networks tend to be one of the most popular places that users see the “your connection is not private” error. Why? Because a lot of them are still not running everything over HTTPS, or if they are, it isn’t configured correctly. This usually pertains to the portal screen where you need to accept the terms and agreement to sign in. If you’re trying to connect to an HTTPS (secure) site before accepting the portal’s terms this error could pop up. Here are some easy steps to get around it.

  1. Connect to the cafe or the airport’s Wi-Fi.
  2. Browse to a non-HTTPS site, such as http://www.weather.com.
  3. The sign-in page should then open. You can accept the terms and then log in. Due to the fact that the terms are usually just consisting of a checkbox, you shouldn’t be too concerned if it isn’t running over HTTPS. Once connected you can then browse to sites over HTTPS. Tip: If you can’t get the sign-in page to open, you could also try typing 1.1.1.1 into your browser (source).

Remember, whenever you’re using public Wi-Fi a VPN can help protect you even further by hiding your traffic. Here are a couple popular ones you might want to check out:

4. Check Your Computer’s Clock

Another very common reason that you might see the “your connection is not private” error is that your computer’s clock is messed up. Browsers rely on these to be correctly synced up to verify the SSL certificate. This can easily happen if you just purchased a new computer, especially laptops on Wi-Fi for the first time. They don’t always sync up automatically after your first login. Below are the steps to update the time on your computer. Note: This can also happen on mobile devices.

Windows

  1. Right-click the time in the bottom right-hand task tray.
  2. Select “Adjust date/time.”

    Adjust date and time on PC

    Adjust date and time in Windows

  3. Select “Set time automatically” and optionally “Set time zone automatically.” This will update according to one of Microsoft’s NTP servers. Double check the time in the bottom right-hand task tray to make sure it’s correct. If not, you can click on the “Change” button to manually select a time zone.

    Windows time zone

    Windows time zone

  4. Close your browser and re-open it. Then try revisiting the website.

Mac

  1. From the Apple menu click on “System Preferences”
  2. Click the Date & Time icon. If the padlock appears at the bottom of the window you might need to click it and enter your administrator username and password.
  3. Select “Set date & time automatically.” This will update according to one of Apple’s NTP servers.
  4. Select the Time Zone tab. If it doesn’t determine your location automatically simply uncheck it so you can manually set it. On the map select your time zone region and city.
  5. Close your browser and re-open it. Then revisiting the website.

5. Try in Incognito Mode

Our next recommendation would usually be to clear your browser’s cache. However, that’s easier said than done for a lot of us. 😉 If you want to check if it might be your browser cache, without clearing your cache, you can always open up your browser in incognito mode. Or test another browser and see if you still see the “your connection is not private” error. Don’t rule out Chrome extensions either. But this will help you test that.

Open Chrome in Incognito mode

Open Chrome in Incognito mode

In Mozilla Firefox Incognito mode is referred to as “New private window.” In Microsoft Edge, it’s referred to as “New InPrivate Window.”

6. Clear Browser Cache and Cookies

If you think it might be your browser, clearing your browser cache is always a good troubleshooting step before diving into more in-depth troubleshooting. Below are instructions on how to do it in the various browsers:

7. Try Clearing the SSL State on Your Computer

Clearing the SSL state in Chrome is often overlooked but can come in very handy and is easy to try. Just like clearing your browser’s cache this can help if things get out of sync. To clear the SSL state in Chrome on Windows, follow these steps:

  1. Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
  2. Click Show advanced settings.
  3. Under Network, click Change proxy settings. The Internet Properties dialog box appears.
  4. Click the Content tab.
  5. Click “Clear SSL state”, and then click OK.
  6. Restart Chrome.
Clear SSL state

Clear SSL state

If you are on a Mac, see these instructions on how to delete an SSL certificate.

8. Disable VPN and Antivirus Temporarily

Sometimes VPNs and Antivirus software can conflict or override your network settings, including blocking certain SSL certificates or connections. If you have any running, try temporarily disabling them (closing them) or turning off their “SSL Scan” feature to see if it resolves the “your connection is not private” error in Chrome.

9. Make Sure the Certificate Hasn’t Expired

SSL certificates expiring without the website owner’s knowledge happens all the time. In fact, a lot more than you might think. Even to Fortune 500 companies! We were able to find this tweet below within a matter of a few seconds. No big deal, just Hungtington Bank forgetting to renew their SSL certificate. 😨

Typically this happens due to the following reasons:

  • The website owner doesn’t have auto-renew enabled with the domain registrar or SSL certificate provider.
  • Auto-renew is enabled but payment fails because the user has forgotten to update their payment method. Users typically change credits cards more frequently than they access their domain registrar’s dashboard throughout the year.
  • The website owner uses a free Let’s Encrypt certificate which expires every 90 days and they don’t have a script in place to renew it, or they forget. At Kinsta, we’ve automated this process so you never have to worry about your free SSL certificates expiring.

This results in an accompanying error code: NET::ERR_CERT_DATE_INVALID.

NET::ERR_CERT_DATE_INVALID

NET::ERR_CERT_DATE_INVALID

You can easily check a certificate’s expiration date by opening up Chrome DevTools while you’re on the site. Click on the security tab and click on “View certificate.” The “Valid from” dates will show in the certificate information.

Check SSL expiration

Check SSL expiration

Another quick and easy way to access a site’s SSL certificate information in Chrome is to click on the padlock in the address bar. Then click on “Certificate.”

Certificate info

Certificate info

10. Check Subject Alternative Domain

Each certificate has what they call the Subject Alternative Name. This includes all the domain name variations for which the certificate is issued to and valid for. It’s important to note that https://domain.com and https://www.domain.com are treated as two separate domains (just like a subdomain).

Subject alternative name

Subject alternative name

If you’re seeing an accompanying error code such as SSL_ERROR_BAD_CERT_DOMAIN, it could be that a certificate is not registered properly on both variations of the domain. This is less common nowadays as sites usually have HTTPS redirects in place. At Kinsta you can generate your free HTTPS certificate for both www and non-www.

Generate certificate for both variations of the domain name

Generate certificate for both variations of the domain name

11. Is the Certificate SHA-1?

SHA-1 is a cryptographic hash algorithm once commonly used by SSL certificates on the web. SHA-1 though has shown signs of weaknesses and therefore is no longer supported in any current browser. If a website is still using a certificate with this old algorithm the “your connection is not private” error will appear.

Most certificates now use SHA-256 hash algorithms. This can be found under the “Details” tab when inspecting a certificate on a website.

Certificate hash algorithm

Certificate hash algorithm

12. Is the Certificate Issued by Symantec?

Back in January 2017, the public was made aware of some bad practices on Symantec’s part when it comes to how they issued certificates. Essentially they didn’t comply with the industry standard CA/browser forum baseline requirements. It also turned out that they had been aware of this for some time. Because of this, browsers decided to no longer support certificates issued by Symantec.  If a website is still using a certificate issued by them the “your connection is not private” error might appear.

The timeline for this is still rolling out:

Using a Symantec certificate can result in the accompanying error code: NET::ERR_CERT_SYMANTEC_LEGACY.

ERR_CERT_SYMANTEC_LEGACY

NET::ERR_CERT_SYMANTEC_LEGACY

13. Run an SSL Server Test

If you’re not sure if everything is set up correctly on your website or someone else’s, you can always run an SSL server test. SSL/TLS certificates require not only your main certificate but also what they call intermediate certificates (chain) to also be installed. If you don’t have these set up properly, visitors could get a warning in their browsers, which in turn might drive them away. And depending on the browser and version, you may or may not see this warning if your certificate is setup incorrectly.

We recommend using the free SSL check tool from Qualys SSL Labs. It’s very reliable and we use it for all Kinsta clients when verifying certificates. Simply head over to their SSL check tool, input your domain into the Hostname field and click on “Submit.” You can also select the option to hide public results if you prefer. The scan might take a minute or two but it will show you all the fine details regarding a site’s SSL/TLS configuration.

ssl check a grade

Check out our in-depth tutorial on a couple things to check for when running an SSL test.

14. Update Your Operating System

Older operating systems fall out of date with newer technologies such as TLS 1.3 and the latest cipher suites as browsers stop supporting them. Specific components in the latest SSL certs will simply stop working. Google Chrome, in fact, pulled the plug on Windows XP back in 2015. We always recommend upgrading to newer operating systems if possible, such as Windows 10 or the latest version of Mac OS X.

Make sure your device is up-to-date on Windows, Mac, or another operating system.

15. Restart Your Computer

We know it’s annoying, but it has to be mentioned. 😬 If none of the above options work, trying restarting your computer and even your router. We realize many of you probably have hundreds of tabs or applications open and that’s why we made this one of the last options. But rebooting devices actually clears out a lot of temporary cache and hiccups.

16. Reach out For Help

Still seeing the “your connection is not private” error? Don’t be afraid to reach out and ask for help. If you see this on your own WordPress site, feel free to open up a ticket with our Kinsta support team. We can help you determine why this might be happening and if it is indeed an issue on your website itself.

The Google Chrome Help Forums can also be especially helpful! You can guarantee there are users that have already experienced the same error or bug, and are ready to help.

Summary

Browser errors are never fun and can sometimes be difficult to troubleshoot. Hopefully one of the tips above will help you resolve the “your connection is not private” error as quickly as possible. Remember, these are typically caused by something misconfigured on your own computer or with the certificate on the website itself.

Was there anything we missed? Perhaps you have another tip on troubleshooting the connection error. If so, let us know below in the comments.

The post How to Fix Your Connection is Not Private Error in Chrome (16 Tips) appeared first on Kinsta Managed WordPress Hosting.

Source: Security Feed

Share This