How to Fix “Your Connection Is Not Private” Error on WordPress
The “Your Connection Is Not Private” error (also displayed as “NET::ERR_CERT_DATE_INVALID,” “NET::ERR_CERT_AUTHORITY_INVALID,” or “SEC_ERROR_EXPIRED_CERTIFICATE” depending on your browser) means your SSL certificate is either expired, misconfigured, or not trusted by the visitor’s browser. The most common fix is to renew your SSL certificate through your hosting provider — most modern hosts offer free Let’s Encrypt certificates with automatic renewal, so the first step is checking whether auto-renewal failed.
This error is devastating for business websites. Browsers display a full-screen warning page that most visitors will not click through — they will simply leave. Google Chrome shows “Attackers might be trying to steal your information” in large text, which scares away even tech-savvy visitors. For ecommerce sites, this error on any page — but especially the checkout — effectively shuts down your business until it is resolved.
What Causes the “Connection Is Not Private” Error?
Expired SSL certificate. SSL certificates have an expiration date — typically 90 days for Let’s Encrypt certificates or 1 year for commercial certificates. If your certificate expires without renewal, browsers immediately begin displaying the privacy error on every page of your site.
SSL auto-renewal failure. Let’s Encrypt certificates expire every 90 days and rely on automated renewal. If the renewal process fails — due to a DNS change, a hosting migration, a misconfigured server, or your hosting provider’s renewal system encountering an error — the certificate expires and the error appears.
SSL certificate not installed for your domain. If you recently added your domain to your hosting (new site, migrated site, or added a subdomain) but did not install an SSL certificate for it, the site may serve without HTTPS or may use a default/shared certificate that does not match your domain name — triggering the “certificate mismatch” variant of this error.
Domain name mismatch. Your SSL certificate covers specific domain names. If your certificate covers yourdomain.com but a visitor accesses www.yourdomain.com (or vice versa), and the www variant is not included in the certificate, the browser will reject the connection. Similarly, a certificate for yourdomain.com does not cover subdomains like shop.yourdomain.com unless it is a wildcard certificate (*.yourdomain.com).
Incorrect server time. SSL certificate validation is time-sensitive. If your server’s clock is significantly wrong, certificates that are actually valid may appear expired or not-yet-valid. This is rare on modern hosting but can occur on misconfigured VPS or dedicated servers.
Intermediate certificate missing. SSL certificates rely on a “chain of trust” — your certificate is signed by an intermediate certificate authority, which is signed by a root certificate authority. If the intermediate certificate is not installed on your server, browsers cannot validate the chain and will display the privacy error even though your leaf certificate is valid.
Step 1: Check Your SSL Certificate Status
First, determine whether your certificate is expired, misconfigured, or missing entirely. Visit your site in Chrome. Click the padlock icon (or the “Not Secure” warning) in the address bar. Click “Connection is not secure” → “Certificate is not valid” to view certificate details. Check the “Valid from” and “Valid to” dates. If “Valid to” is in the past, your certificate has expired — proceed to Step 2. If the certificate details show a different domain name than yours, there is a domain mismatch — proceed to Step 3.
You can also check externally using SSL Labs’ SSL Test (ssllabs.com/ssltest/). Enter your domain and it will show the complete certificate chain, expiration dates, trust status, and any configuration issues.
Step 2: Renew or Reinstall Your SSL Certificate
Free Let’s Encrypt Certificates (Most Common)
If your hosting provides free Let’s Encrypt SSL (most modern hosts do — cPanel, Plesk, Cloudways, SiteGround, Hostinger, etc.), renewal is typically automatic. If auto-renewal failed, log in to your hosting control panel, navigate to the SSL section (in cPanel, look for “SSL/TLS Status” or “Let’s Encrypt”), and click to reissue or reinstall the certificate. If the reissue fails, check for error messages — common issues include DNS not pointing to the hosting server (if you recently changed DNS providers or nameservers), domain validation failure (Let’s Encrypt needs to verify you own the domain via HTTP or DNS challenge), and the .well-known/acme-challenge directory being blocked by security rules or a maintenance plugin.
Commercial SSL Certificates
If you purchased an SSL certificate from a certificate authority (DigiCert, Comodo/Sectigo, GeoTrust, etc.), log in to the certificate vendor’s portal to check renewal status. Renew the certificate, complete the domain validation process, download the renewed certificate files, and install them on your server through your hosting control panel’s SSL manager.
Cloudflare SSL
If your site uses Cloudflare and the SSL certificate managed by Cloudflare has expired, check your Cloudflare dashboard → SSL/TLS → Edge Certificates. If the Universal SSL certificate is listed but has an issue, try disabling and re-enabling Universal SSL. Also verify your Cloudflare SSL mode — “Full (Strict)” requires a valid certificate on your origin server as well. If your origin certificate has expired, you can generate a free Cloudflare Origin Certificate (valid for up to 15 years) from the Cloudflare dashboard → SSL/TLS → Origin Server → Create Certificate.
Step 3: Fix Domain Name Mismatch
If your SSL certificate does not include all the domain variations visitors use to access your site, you will see a certificate mismatch error. Common scenarios include certificate for yourdomain.com but visitors accessing www.yourdomain.com (or vice versa), certificate for main domain but not for subdomains, and certificate issued for a different domain entirely (can happen after a hosting migration if the old site’s certificate was left in place).
Fix: Reissue your SSL certificate to include all necessary domain variations. Most Let’s Encrypt tools allow you to specify multiple domains (SAN — Subject Alternative Names) in a single certificate. At minimum, include both yourdomain.com and www.yourdomain.com. For subdomains, either add each one explicitly or use a wildcard certificate (*.yourdomain.com).
Additionally, set up redirects so that all domain variations resolve to a single canonical version. If your site uses yourdomain.com (without www), redirect all www.yourdomain.com requests to yourdomain.com — and vice versa if you prefer the www version. This eliminates the mismatch by ensuring visitors only ever reach the domain your certificate covers.
Step 4: Install the Intermediate Certificate
If SSL Labs reports a “chain incomplete” or “extra download” warning, your server is missing the intermediate certificate. The intermediate certificate bridges the trust between your site’s certificate and the root certificate authority that browsers trust by default.
Download the intermediate certificate (also called CA bundle) from your certificate provider’s documentation page. Install it in your hosting control panel’s SSL manager alongside your site’s certificate. In cPanel, there is a specific field for “Certificate Authority Bundle (CABUNDLE)” when installing an SSL certificate — paste the intermediate certificate there.
After installation, test again with SSL Labs to verify the chain is complete.
Step 5: Fix WordPress URL Settings for HTTPS
After resolving the certificate issue, ensure your WordPress site is properly configured for HTTPS. Verify both “WordPress Address (URL)” and “Site Address (URL)” in Settings → General use https://. Add an HTTP-to-HTTPS redirect in .htaccess so visitors accessing the old HTTP URLs are automatically redirected to HTTPS. Fix any mixed content — resources still loading over HTTP on your HTTPS pages. See our guide on changing your WordPress URL for the complete process.
Step 6: Clear Browser and CDN Caches
After fixing the certificate, the error may persist in your browser due to cached security data. Clear your browser cache completely and restart the browser. In Chrome, you can also clear the HSTS cache specifically by visiting chrome://net-internals/#hsts, entering your domain under “Delete domain security policies,” and clicking Delete.
If you use a CDN like Cloudflare, purge the CDN cache as well — the CDN may be serving cached pages that reference the old, invalid certificate.
Frequently Asked Questions
Can visitors bypass the “Connection Is Not Private” warning?
In most browsers, visitors can click “Advanced” and then “Proceed to [site] (unsafe)” to bypass the warning. However, very few visitors will do this — the warning is intentionally alarming, and proceeding past it is technically unsafe. Do not rely on visitors bypassing the warning. Fix the underlying SSL issue immediately.
Will this error hurt my SEO?
Yes, in multiple ways. Google uses HTTPS as a ranking signal — a broken SSL certificate effectively removes that signal. If Google’s crawler encounters the error, it may stop indexing your pages. And if the error persists, your site will lose visitors (and the engagement signals that come with them), which indirectly hurts rankings further. Fix it as soon as possible.
I see this error only on some pages, not all. Why?
If only some pages show the error, the issue is likely mixed content rather than a certificate problem. Your SSL certificate is valid, but some pages load resources (images, scripts, fonts) over HTTP, which triggers a less severe security warning. See our mixed content fix guide.
My SSL was working yesterday and broke today. What happened?
The most likely cause is certificate expiration — Let’s Encrypt certificates expire every 90 days. If auto-renewal failed silently, the certificate expires without warning. Check your certificate’s “Valid to” date. Less commonly, a hosting server migration, a DNS change, or a hosting provider configuration change can disrupt SSL. Contact your hosting provider if the certificate is not expired but the error appeared suddenly.
Can I get a free SSL certificate?
Yes. Let’s Encrypt provides free, automated SSL certificates that are trusted by all major browsers. Most hosting providers include Let’s Encrypt integration — check your hosting control panel for “SSL” or “Let’s Encrypt” options. Cloudflare also provides free SSL as part of their free plan.
Need Expert Help? Let WP Ministry Handle It
SSL certificate issues can be urgently damaging — every minute the error is displayed, you are losing visitors, trust, and potentially revenue. Our 24/7 team can diagnose and resolve SSL issues quickly, including certificate renewal, chain configuration, domain mismatch, and mixed content cleanup.
Call (901) 249-0909 for immediate assistance. Our security service, included in every care plan, monitors your SSL certificate status and handles renewals proactively — so you never see this error in the first place.
Related Articles
How to Fix the WordPress “Mixed Content” Warning (HTTP to HTTPS)