How to fix a “Your connection is not private” error

rybka

rybka

Disciple
Hi All,Friends whenever I try to visit some popular websites using chrome browser It gives an error that "Your connection is not private" and there is a link to browse unsafe, I want to know
How to Fix "Your Connection is not Private" Error on Browsers?
Mainly in Google Chrome.
browsing in incognito mode is the option.?
 
Can you specify the website and try those from Firefox as well?

The error message has got nothing to do with your system. It is most likely because of website's SSL certificate not being updated.
 
Whenever I try to open any website for the first time it gives the above error.
I have attached the picture of the current status of this website, I marked the red crossed address bar with the green color. Thanks
 

Attachments

  • tc.jpg
    tc.jpg
    225.3 KB · Views: 174
Are you seeing these errors since November? If so it might be related to Letsencrypt root certificate expiration. Although windows 7 is supposed to take care of that, some settings might have messed that up.


Easy way to check if its due to this is to check the certificate of websites where you're getting this error. If all of them are issued by letsencrypt (like TE) then it's the most likely reason. It's easy to fix if that's the case


https://letsencrypt.org/certificates/ download the two root certificates from this site and import them in windows.
 
After installing the certificates from the given link i.e. der namely,
1.isrgrootx1
2.isrg-root-x1-cross-signed
3.isrg-root-x2
4.isrg-root-x2-cross-signed
still the problem remains and it returns the same error. See i am attaching the picture of the website.
 

Attachments

  • tc_002.jpg
    tc_002.jpg
    78.6 KB · Views: 123
rybka said:
After installing the certificates from the given link i.e. der namely,
1.isrgrootx1
2.isrg-root-x1-cross-signed
3.isrg-root-x2
4.isrg-root-x2-cross-signed
still the problem remains and it returns the same error. See i am attaching the picture of the website.
Click to expand...
It's probably the older cert still messing around. Just to confirm, can you post the certificate info of the website, something like this(click on the padlock icon in the address bar-> view certificate->certificate path)

1641657406173.png
 
Ok I will tell you tomorrow right now I am on my mobile phone and have no access to my PC as it is off.
@j3rwin
In the site Certificate's first General tab it gives error that certificate has expired or is not yet valid.
In the second tab i.e. details-show: all there is a yellow sign in key usage and basic constraints.
In the third tab i.e. certification it says Ok.
See in the attached link, thanks in advance.
 

Attachments

  • C1.jpg
    C1.jpg
    422.9 KB · Views: 120
  • C2.jpg
    C2.jpg
    429.4 KB · Views: 122
  • C3.jpg
    C3.jpg
    441.4 KB · Views: 149
  • C4.jpg
    C4.jpg
    435.8 KB · Views: 107
  • C5.jpg
    C5.jpg
    415.2 KB · Views: 110
Last edited:
rybka said:
Ok I will tell you tomorrow right now I am on my mobile phone and have no access to my PC as it is off.
@j3rwin
In the site Certificate's first General tab it gives error that certificate has expired or is not yet valid.
In the second tab i.e. details-show: all there is a yellow sign in key usage and basic constraints.
In the third tab i.e. certification it says Ok.
See in the attached link, thanks in advance.
Click to expand...
Ah, got it now. The DST Root CA X3(the one which expired) is messing with the system(the last screenshot). Just remove that cert from windows cert manager, it should work fine.
 
j3rwin said:
Ah, got it now. The DST Root CA X3(the one which expired) is messing with the system(the last screenshot). Just remove that cert from windows cert manager, it should work fine.
Click to expand...
By using the command certmgr.msc in the run field and hitting enter key.
I found the list of all the certificates installed date and year wise.
I found DST Root CA X3 in two tab windows i.e. Trusted root certification authorities and also in Third Party certification authorities under certification tab.
Do I need to delete both of them? And also do I need to delete all the expired certificates installed in the OS? thanks.
 

Attachments

  • u2.jpg
    u2.jpg
    552.8 KB · Views: 111
  • e2.jpg
    e2.jpg
    555.3 KB · Views: 107
j3rwin said:
Yeah


Not really necessary. If you face some particular issue then delete that.


I missed this part. Remove these as well, just keep the self signed certs.
Click to expand...
Under Intermediate certification Authorities window I found the certificates issued by two authorities with the same name.How to identify the cross-signed one? I deleted the DST Root CA X3 certificate from both the tab windows.
 

Attachments

  • d2.jpg
    d2.jpg
    445.3 KB · Views: 121
rybka said:
Under Intermediate certification Authorities window I found the certificates issued by two authorities with the same name.How to identify the cross-signed one? I deleted the DST Root CA X3 certificate from both the tab windows.
Click to expand...
Check the issued by column or check the details tab. If the issuer is DST Root CA X3, nuke it.
 
After disabling and deleting the DST Root CA X3 certificate it appears again in the certificate manager window and the problem of site not secure with double underline on https: remains as it was. I uninstalled the chrome browser and deleted all the history, passwords, cache, cookies, extensions run ccleaner software and downloaded the fresh copy of the chrome browser but it is again giving same error. I also tried with the Brave browser there also it is giving same error.
 

Attachments

  • b1.jpg
    b1.jpg
    287 KB · Views: 102
That's really odd. Just to confirm, you can see the X1 cert in Trusted/Third party Root Certification Authorises right?
 
It appeares again and again after disabling and deleting it, in the trusted certificates window.
This is the current state of the certification window.
See:
 

Attachments

  • uc.jpg
    uc.jpg
    478 KB · Views: 107
rybka said:
It appeares again and again after disabling and deleting it, in the trusted certificates window.
This is the current state of the certification window.
See:
Click to expand...

j3rwin said:
That's really odd. Just to confirm, you can see the X1 cert in Trusted/Third party Root Certification Authorises right?
Click to expand...

I was talking about the ISRG X1 cert not the DSA CA X3.

I don't see it(ISRG X1) in the Trusted Root screenshot you just shared. Is it present in the Third Party Root Certificate? If it's not, add it manually to one of these places (by right click -> import i guess)
 
Now it is fine, I was simply left clicking from the mouse from the downloads so it went into the intermediate certification authorities, Now I went into the trusted certification authorities windows and by right click of the mouse after selecting import option I imported it from the downloads & now its all Ok, thanks alot. See the double signed cross error went off.
 

Attachments

  • tp.jpg
    tp.jpg
    518.3 KB · Views: 102
Back
Top