Skip to content


Don’t Let Replacing the Expired DST Root CA x3 Bring You Down

If you are using an older Mac OS X version to browse the web, it’s likely that you recently started seeing "NET::ERR_CERT_DATE_INVALID", "Your connection is not private", "Clock expired privacy issue", "Safari can’t verify the identity of the website", or a similar error in your browser, when trying to visit sites that should be safe.

The error is probably occurring on your older computer because the popular certificate DST root ca x3 from the certificate authority Let’s encrypt expired on September 30, 2021. You need its replacement isrg root x1 to resolve the NET::ERR_CERT_DATE_INVALID error.

Your computer has a list of certificates that allow it to verify the authenticity of the websites you visit. OS updates usually include the latest batch of certificates required to verify most websites you might visit. However, you can also manually add certificates to your computer’s certificate store.

Manually Adding Certificates on Mac OS El Capitan

Here is how to add the isrg root x1 certificate on Mac OS El Capitan. The process is very similar on other Mac OS versions as well.

Step 1: Get the legit isrg root x1 certificate from Let’s encrypt by visiting If the Lets Encrypt site itself is marked as insecure for you, you can download it from here: (don’t make downloading certs from websites a habit though).

Don’t let the encoding of the file intimidate you.

Step 2: Save it by right-clicking on the page and clicking save as (or if in Safari, click File > Save as ).

Step 3: Save it as a .pem file (remove the .txt extension).

You now have a file that looks like this:

Step 4: Open the file. The file opens with Mac OS’s certificate store called Keychain Access.

If it doesn’t open with KeyChain Access, then open the KeyChain Access app manually by either searching for it via Spotlight ? or finding it in the Utilities App Folder. Then drag and drop the .pem file into KeyChain Access.

Step 5: Click "confirm" or "yes" on any dialogue about whether or not you want to add the certificate, and when presented with the screen with a prompt that says you can choose whether to add the certificate for one user or the entire "System" (all users), choose "System" in the "Keychain" drop-down to fix the error for all users.

Step 6: Now, we need to mark it as trusted.

Find it in the certificates, and open it. Under the Trust drop-down ? (double click to open), set the SSL field as always trusted.

Step 7: Close and save.

Wrapping Up!

You should be able to use SSL (HTTPS) with it now! is a site that you wouldn’t be able to visit without SSL backed by isrg root x1, so give it a try.

Want More?

Need more information on fixing errors like "NET::ERR_CERT_DATE_INVALID"? Check out Mark Michaelis’ quick fix for the NETSDK1004 compile error. Curious about the software development work IntelliTect does? Check out our innovative products to see what software solutions we offer that solve your real-world issues.

Does Your Organization Need a Custom Solution?

Let’s chat about how we can help you achieve excellence on your next project!

87 thoughts on “How to Fix the NET::ERR_CERT_DATE_INVALID Error”

  1. Just restored an old MacBook Pro and installed chrome and this worked brilliantly. Thanks for allowing me to use chrome once more on a 10 year old laptop that was destined for the trash.

  2. Wow! Very Thankful this worked. I am using a 2008 iMac, now running with OS X 10.11.6 – El Capitan. The exact screens in my Key Chain app were slightly different. Yet using this information I was able to get my ISGR Root X1 certificate to be trusted.

  3. Thank you, this works perfect for me, using old macbook 2007 that could no longer update. fine explanation, easy to follow. Thanks again.

  4. Mil gracias!! Llevaba mucho tiempo con este problema y no encontraba como solucionarlo. Por fin lo he podido solucionar :) QUE GRANDE!!

  5. Oh my gosh Thank you! Why do i feel like a computer genius now?

    Im on a vintage 2007 iMac and i couldn’t figure out why this was happening to every single site i went to. I couldn’t even look for jobs on Indeed (not complaining, work is trash) which is when i decided to figure this out. My time and date settings were accurate too so i was stumped. Until the sky cleared and Austen descended from “the cloud”.

    Thank you so much. Im off to apply for a cyber security job now. Wish me luck!

  6. First of all, thank you so so much! I followed the guide to precision with success. I am on a vintage Macbook (10.11.6 OS X El Capitan). I have gotten this NET::ERR_CERT_DATE_INVALID for every site – in Chrome only though – for year probably a year now since the mentioned certificate expired

    Have searched around for solutions, and even tried to recruit something to sort it out. When one applicant told me it had to do with certificates, I decided to search more in detail. I came through great many articles but not until I read this one I solved it

    Only one comment though. At least on my Macbook one shall DRAG AND DROP the .pem file into the Keychain Access to actually add it, and not just open it from say desktop. Moreover, to find the Trust down menu I doubled clicked on it, which also were not so apparent, but awesome articles thanks so much!

  7. Thank you so much!!! Was a really annoying problem I had and it is now solved, and really well-explained step by step :)

  8. Hi I have downloaded and saved the pem file, however I get this An error occurred. Unable to import “ISRG Root X1”.

    Error: 100001

    So wonderful for you to helping so many, any further assistance would be invaluable.

  9. Muchas gracias por toda la información, no me dejaba seguir todos los pasos pero al final pude (no se como) añadirlo como certificado de confianza y el problema está resuelto…

    Muchas gracias

  10. Muchisimas gracias, pude entender mejor cómo debía solucionar el problema y lo logré, muchisimas gracias por la información. <3

  11. Muchisimas gracias, pude entender mejor cómo debía solucionar el problema y lo logré, muchisimas gracias por la información. <3

  12. I am so appreciative of this post, been looking for a fix for months and stumbled across this today – the instructions are super clear and worked perfectly. Finally I can go back to browsing without any frustration. I’m so relieved. THANK YOU!

  13. I had to do this and it worked. It automatically opened (with no prompts) in the “login” folder and was able to unlock “System” and drag it there, I also was having the issue that Erik Svensson (below) was having with the file being “removed” when trying to open it from Chrome. When I switched from Chrome to Safari, it dowloaded successfully to .txt then I switched it to .pem. Thank you so much for this, I’ve been trying since end of September and thought it was my new iphone settings that I bought the same day. You are so appreciated.

  14. Damn this was a very good help, Out of Google help I got NOTHING! Like blow away your computer and reinstall everything, yeah right… I need to run El Capitan 10.11.6
    It has been so annoying this certificate error, but solved with your help

  15. When I open the file it gives me this error message in the Keychain Access Window. It also gives me this message when I drag the file into the window: “The “System Roots” keychain cannot be modified. To change whether a root certificate is trusted, open it in Keychain Access and modify its Trust Settings. New root certificates should be added to the login keychain for the current user, or to the System keychain if they are to be shared by all users of this machine.” What should I do now? Thanks!

    1. Hey, my first thought is that your user may not be an admin user on the computer so you cannot modify the “system roots” keychain. So you could first try opening Keychain Access and then clicking the padlock icon to unlock the “System Roots” keychain – you will be able to unlock only if an admin. Then drag the cert into the Certificates list. Here is a visual aid screenshot: . If that doesn’t work, try installing the certificate not at the system level, but at the “login” or user level. It will still work for your user profile. If you have further difficulties, feel free to comment.

  16. Thank you SO, SO much!! Been looking for a fix for this for 4 months now on my MacBook Pro, and your post is the first straightforward successful answer I’ve found… finally back to browsing bliss. You’re a lifesaver!

  17. Thank you so much for this guide! This cert date error has been a pain for the past month or so and I’m just so relieved it’s fixed now. The guide was super easy to follow, too.

  18. Thank you so much for these simple instructions! I was nervous to try, but had to try to fix this frustrating problem. Finally, no more problems.

      1. This is happening to me too. When I save as .pem it downloads but then says removed when I go to open the file. It does not show as a certificate file like you have shown above. Any idea why my mac will not save as .pem?

        1. hmmm… interesting. So when you click on the file in your Download’s folder in Finder it says file not found? Finder shouldn’t show files that don’t exist. From what you are describing though it sounds like you are trying to open the file from Chrome or Safari. Try opening it from Finder if you haven’t already. Happy to help out if you are still having difficulty.

          1. Also you can try saving it just as it is as .txt. Then rename the file after its downloaded, by finding it in Finder, right clicking it and selecting “get info”, and then changing the .txt to .pem.

          2. Facing a similar situation. Each time I go to Finder and click on the certificate, I’m told the file cannot be found.

            1. Perhaps try copying the certificate text. Open the Text Edit app and paste the certificate text there. Then save the file with the .pem extension. it will default save it as .txt -> so remove the .txt and replace with .pem .

    1. I found it frustrating and rather difficult to figure out why exactly many websites didn’t work.
      Then it was surprisingly hard to find a tutorial on how to fix these certificate issues, but your fix is easy to follow and works PERFECTLY.
      Additionally, this Reddit thread may be helpful too, it uses a very similar way and also explains that you can save your isrg certificate under “system” in the keychain access app to also fix other user accounts on the same Mac:
      Thank you so so much!!!

    2. This has finally resolved an error where it has nearly caused me to purchase a new mac laptop.
      Hoping to assist others in finding this page, I wanted to list the other search phrases I used which were not as helpful, until I finally stumbled upon this resolution:
      Can’t load page,
      Clock expired privacy issue,
      Your connection is not private,
      Attackers might be trying to steal your information,
      Automatically send some system information and page content to Google to help detect dangerous apps and sites


    3. Dear Austen,
      I know we are not alone with this problem……
      YOU solved
      We thank you sooo much for given this Key to us.
      Chrome is back on our MacBook Pro (2012)
      Thanks again and all best wishes to you
      from Marion&Martin

    4. Hey! I cannot express to you how many websites and tutorials I’ve been to over the past few days, which just did not work time and time again. This one, whilst kind of seeming scary to an amateur, did work straight away! Thanks a lot :D

    Leave a Reply

    Your email address will not be published. Required fields are marked *