😅ERR_CERT_INVALID - An useless error in Chrome/Edge

May 3, 2023

Confusing error - ERR_CERT_INVALID

The ERR_CERT_INVALID problem is a kind of common issues in the browsers relates topics.
Although the message is showing the "problem root cause" - it relates to the server certificate of the site, but this error is not like other certificate/SSL NET:ERR with detail error message help you locate the problem.
No body can understand what’s the actual problem happens behind this error. There could be many reasons behind this error and cannot be identified in a short time. That’s also why you can see many articles introduce the workaround, but none of them can help you troubleshoot this problem.
notion image
In this case, users will not able to access the site even in Advanced information based on Chromium designment.
// The server responded with a certificate that is invalid. // This error is not recoverable. // // MSDN describes this error as follows: // "The SSL certificate is invalid." // NET_ERROR(CERT_INVALID, -207)
I can see many discussion in Chromium groups, about this frustrated error message - as it will show nothing helpful for troubleshooting.

Workaround for development

It’s easy to find a way to bypass this restriction on Internet, the cert verification will be ignored typing thisisunsafe secrets when the mouse cursor focusing on the tab. This could be taken as a workaround of the problem.

Identify the root cause

If you want to know the root cause of the issue as a site administrator, you can refer below ways to investigate on the browser side.
  • The chrome://net-export (same in Edge, just change chrome to edge) logs could be helpful. In the net-export logs, filter CERT_VERIFIER_TASK steps and check if there is any ERROR message in the log.
notion image
  • Run below command to execute Chrome Incognito/Edge InPrivate with verbose logs. The SSL relates problem will display here.
# Chrome chrome --enable-logging --v=1 -incognito # Edge msedge --enable-logging --v=1 -inprivate
notion image
  • If the problem relates to unexpected client-side HSTS checking, please try to delete the HSTS domain entries in chrome://net-internals to avoid the error.

Best practice of the site certificate

To scan the potential site certificate problems is using the Cert Linter (just like Linter of JavaScript). It will check the certificate status to improve the compatibility of the certificate.
  1. A good HTTPS practice should pass all check rules.
  1. Edge Business doc also provides such information that including common scenario. Changes to Microsoft Edge browser TLS server certificate verification | Microsoft Learn

lucky_bricks © 2018 - 2024