Chrome complains about HSTS


returns a giant red padlock with a NET::ERR_CERT_DATE_INVALID response

TLS (HTTPS) certificates are valid for a specific time, usually for 1-3 years starting with the moment they were issued. The error message is saying that the website's certificate is not valid for the current date according to your computer's clock.

When that happens for many websites at once & across two different browsers, it's usually because your computer's clock has no clue about what the current date is. E.g. it's possible that it was accidentally set to year 2014, or an old CMOS battery caused it to reset to year 2001.

Check time.is for the current time. (Chrome used to detect such clock misadjustments and show a much clearer error message, but apparently that doesn't always work.)
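The reasoning in the answer above, as an added example that is not part of the original answer: it compares certificate validity windows against a clock reading and blames the clock when most sites fail at once. The hostnames, dates, and the majority threshold are constructed assumptions; the date strings use the format that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ssl
from datetime import datetime, timezone

# Constructed validity windows (notBefore, notAfter); hostnames are placeholders.
SAMPLE_CERTS = {
    "a.example": ("Jan 10 00:00:00 2015 GMT", "Jan 10 23:59:59 2016 GMT"),
    "b.example": ("Jun  1 00:00:00 2014 GMT", "Jun  1 23:59:59 2016 GMT"),
    "c.example": ("Mar  2 00:00:00 2015 GMT", "Mar  2 23:59:59 2017 GMT"),
    "d.example": ("Apr  1 00:00:00 2013 GMT", "Apr  1 23:59:59 2015 GMT"),
}


def window_status(not_before, not_after, now):
    """Classify one certificate against the clock reading `now` (aware datetime)."""
    t = now.timestamp()
    if t < ssl.cert_time_to_seconds(not_before):
        return "not_yet_valid"
    if t > ssl.cert_time_to_seconds(not_after):
        return "expired"
    return "ok"


def diagnose(certs, now):
    """Return (verdict, per-host status) for a set of validity windows."""
    status = {host: window_status(nb, na, now) for host, (nb, na) in certs.items()}
    failing = [host for host, s in status.items() if s != "ok"]
    if not failing:
        return "ok", status
    # Assumed heuristic: unrelated sites rarely have bad certificates at the
    # same moment, so a failing majority points at the local clock instead.
    if len(failing) > 1 and len(failing) * 2 > len(status):
        return "suspect_local_clock", status
    return "suspect_certificate", status


if __name__ == "__main__":
    # Constructed clock readings: a CMOS reset, a wrong year, a correct clock.
    for label, now in [
        ("reset to 2001", datetime(2001, 1, 1, tzinfo=timezone.utc)),
        ("set to 2014", datetime(2014, 4, 13, tzinfo=timezone.utc)),
        ("correct clock", datetime(2015, 4, 13, tzinfo=timezone.utc)),
    ]:
        verdict, status = diagnose(SAMPLE_CERTS, now)
        print(f"{label}: {verdict} {status}")
```

With the correct clock only `d.example` fails, which is a genuinely expired certificate; with either wrong clock most hosts report `not_yet_valid`.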


Author: TheAcolyte

Updated on September 18, 2022

Comments

  • TheAcolyte
    TheAcolyte over 1 year

    As of April 13, navigating to Facebook returns a giant red padlock with a NET::ERR_CERT_DATE_INVALID response. Like, a really big padlock.

    The error message seemed descriptive enough, so I pulled up Facebook in Mozilla, only to hit a similar problem. There are a lot of sites that suddenly seem to violate Mozilla's security standards.

    Some users have resolved the issue (Mozilla-specific) by deleting a specific file and restarting Firefox. That didn't solve anything for me, and Chrome is still my overarching goal here.

    Visited a couple fishy sites over the past week, so I checked my processes and scanned with my favorite antivirus. Oddly enough, my computer is running at 40% memory usage. Then again, memory leaks and W8 have been close friends since the caveman's fire. I doubt that's the issue, but memory usage does spike significantly when I have Chrome open.

    The bottom of the Chrome error message says:

    You cannot visit www.facebook.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

    What's the likely explanation? Does the problem lie with Facebook servers or my machine? I'm inclined to think this is a temporary miscommunication and not a planned attack.

    Chrome version 41.0.2 Windows 8, 64-bit

    • Ramhound
      Ramhound about 9 years
      Chrome 42 is the current version; go ahead and upgrade. Verify your root CAs only include the default root CAs; if you have any security software which performs a MiTM attack on your secure connections, you should disable that also.
  • jww
    jww over 7 years
    For time checking, I think Chrome switched to a proprietary Roughtime. Also see Ben Laurie's message on the SAAG mailing list at software update for teeny-weeny devices; and the follow up at Roughtime (Was: software update for teeny-weeny devices).