Error fix

How to fix “NET::ERR_CERT_AUTHORITY_INVALID”

The browser does not trust the certificate chain—self-signed, wrong hostname, or missing intermediate.

Updated Apr 20, 2026

Fastest fix

Start here first. Step 1 fixes most cases—then work down the list.

  1. Install publicly trusted certs from a major CA or fix chain bundles on the server.
  2. Match certificate SANs to the hostname users type.
  3. For local dev, use mkcert or trusted dev certificates instead of click-through ignores.

What this means

TLS succeeded at the protocol level but trust validation failed before showing the page.

Common causes

  • Untrusted CA

    Self-signed certs in prod, a corporate TLS-inspecting (MITM) proxy whose root CA is not imported on the client, or an incomplete chain.

  • Name mismatch

    Certificate issued for a different hostname or missing SAN.

Step-by-step fix

  1. Fix trust

    1. Install publicly trusted certs from a major CA or fix chain bundles on the server.
    2. Match certificate SANs to the hostname users type.
    3. For local dev, use mkcert or trusted dev certificates instead of click-through ignores.
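
The two causes above (incomplete chain, hostname missing from the SAN) can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original page; the lab CA names, `app.example.test` and the helper functions `issue`, `trusts` and `report` are constructed for illustration.

```sh
#!/bin/sh
# Added example: throwaway lab PKI (root -> intermediate -> leaf). All names are constructed.
set -eu
lab=$(mktemp -d)

# issue NAME SUBJECT EXTENSION [SIGNER]: new key + CSR, signed by SIGNER (self-signed if omitted)
issue() {
  name=$1; subj=$2; ext=$3; signer=${4:-}
  printf '%s\n' "$ext" > "$lab/$name.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$lab/$name.key" -out "$lab/$name.csr" 2>/dev/null
  if [ -n "$signer" ]; then
    openssl x509 -req -in "$lab/$name.csr" -days 2 -extfile "$lab/$name.ext" \
      -CA "$lab/$signer.crt" -CAkey "$lab/$signer.key" -CAcreateserial \
      -out "$lab/$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$lab/$name.csr" -days 2 -extfile "$lab/$name.ext" \
      -signkey "$lab/$name.key" -out "$lab/$name.crt" 2>/dev/null
  fi
}

# trusts HOSTNAME [CHAIN_FILE]: true only if the leaf chains to the lab root and its SAN
# matches HOSTNAME. CHAIN_FILE stands in for the intermediates the server sends.
trusts() {
  host=$1; shift
  openssl verify -CAfile "$lab/root.crt" ${1:+-untrusted "$1"} \
    -verify_hostname "$host" "$lab/leaf.crt" 2>&1 | grep -q ': OK$'
}

report() { if trusts "$@"; then echo trusted; else echo REJECTED; fi; }

issue root "/CN=Lab Root CA" "basicConstraints=critical,CA:TRUE"
issue int "/CN=Lab Intermediate CA" "basicConstraints=critical,CA:TRUE" root
issue leaf "/CN=app.example.test" "subjectAltName=DNS:app.example.test" int

echo "leaf only (missing intermediate): $(report app.example.test)"
echo "leaf + intermediate bundle:       $(report app.example.test "$lab/int.crt")"
echo "bundle, hostname not in SAN:      $(report www.example.test "$lab/int.crt")"
```

Only the second case validates: the client holds the root alone, so the server has to supply the intermediate, and the name the user types has to appear in the leaf's SAN.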

FAQ

Works in curl -k?
That skips verification—fix the chain for real users.
Expired cert?
Renew and automate with ACME; monitor expiry alerts.
Only old Android versions?
Ensure modern roots and TLS; update the device trust store or user agent.
