Are you trying to fix Your Connection Is Not Private error in Google Chrome? To get rid of this irritating problem, you can follow my step-by-step guide in this article. But first, let me explain a bit further regarding this error, such as what it is and why it shows in Google Chrome browser, or any other web browsers.
As the cyber world becomes more and more dangerous, we also need to protect our personal information better, and so do technology companies. Currently, most web browsers always warn users when they visit dangerous websites, and this "not-private" error is one of those cases.
Back in the olden days, most websites used the HTTP protocol to transfer content from the webserver to the browser and vice versa. However, this is not secure because the transmitted data was not encrypted, even login details, personal information, or credit cards. Thus, attackers may take advantage of several security holes and peek at this data while it is transmitting.
Too risky, right?
But all have changed since Google announced that they uses the HTTPS protocol as a factor to evaluate rankings on their search results page. As a result, many websites switched from HTTP to HTTPS to benefit. By using HTTPS, all data will be encrypted by the web browser before sending it to the webserver and vice versa. Therefore, your personal information will be more secure, and you will be less worried. However, that does not mean that it will never be hacked because you have used the HTTPS method. That is a completely different aspect. Hackers can exploit your information from a variety of sources, not just one place.
Your connection is not private
Attackers might be trying to steal your information from testsslerror.bytebitebit.com (for example, passwords, messages, or credit cards).
NET :: ERR_CERT_COMMON_NAME_INVALID
This is an example of a SSL/TLS error message in Google Chrome
Websites with HTTP are not safe anymore, and we need to stay away from them. Well, that is not quite true. If you visit a website to read an article or find some essential information, then HTTP or HTTPS is not that important. The reason is that the website does not ask you to provide any personal information, so you do not need to worry about your information being exposed. If you want to dig deeper into HTTP and HTTPS, then read this article of mine.
What Is Your Connection Is Not Private Error?
Put simply; this error occurs when your web browser cannot verify whether the website you are visiting is secure. Thus, the connection between your browser to the webserver is not private, and the data is visible to anybody who has access.
Technically, when a web browser connects to an HTTPS server, it will receive a TLS certificate and then check whether it is valid. The connection will be marked as secure when both the following conditions are met:
- the owner's information needs to match the server name that the user requested.
- the TLS certificate needs to be issued by a trusted certification authority.
If one of these requirements is not met, the web browser will inform users about the issue and try to prevent you from reaching the site. This is the reason why you sometimes see this error while surfing websites.
Note: Sometimes, you notice someone mentioned about SSL, but sometimes the other call the same thing is TLS. So what are they? Honestly, they are the same thing, and both terms can be used interchangeably in many aspects. TLS or Transport Layer Security is the latest version of SSL, which is more secure. We should use the TLS term, but SSL has become the most commonly used term, and so people prefer to use it.
Why Does Your Connection Is Not Private Error Show In Your Browser?
This is a security feature of most nowadays web browsers, which will inform you about insecure websites by displaying an error message, as above. However, each browser has a different way of warning their users about untrusted websites. For example, Mozilla Firefox displays "Your Connection Is Not Secure" when a user visits an unsecured website. Meanwhile, Microsoft Edge shows users this sentence: "Your connection isn't private".
There are many possible reasons to cause this error on your computer, for example, an expired DNS cache, web browser cache, antivirus software, firewall, or even a wrong date and time. Sometimes, you will easily find out the main cause based on the sub-code, as I mentioned above. But in most cases, you have to apply all available solutions until the problem is fixed.
Why Does Your Connection Is Not Private Error Occurs In My Website?
Your website gets this error for several reasons, including the certificate is not issued by a trusted organization, the certificate is expired, or has been set up incorrectly. Regardless of the cause, confronting this issue is annoying. It leads to a massive loss in business because potential customers definitely choose to leave. That is why you need to act as quickly as possible to solve the problem and restore your website. You can use the "Table of Contents" section to go to the appropriate section below quickly.
Nevertheless, I would recommend that you check your website by using another computer or your smartphone. If this error still appears, then you should act quickly to fix it. Otherwise, there is probably something that happened with your current device or browser.
Ways To Fix Your Connection Is Not Private Error In Browsers
Most people might not even know what they should do when confronting this issue. Luckily, the ways to get this error fixed are not too hard to follow. We will take you through these solutions now so you can resolve them as quickly as possible. But please remember that these solutions will only work on your computer or smartphone; they cannot fix the problem on the server-side. In that case, you have to wait until the website's owner fixes their end.
There are many possible reasons to cause this error on your computer; for example, an expired DNS cache, web browser cache, antivirus software, firewall, or even a wrong date and time.
Depending on the web browser you are using, you may see different error codes. Sometimes, you will easily find out the main cause based on these codes. But in most cases, you have to apply all available solutions until the problem is fixed.
Make Sure The Website URL You Visit Is Correct
If you click on a link from somewhere (a website you are currently reading, a directory website, or a blog) and it goes to this error page, then you should do a double-check and make sure the website URL is correct.
In most cases, the content creator inserted a wrong website address, which led to this error. Instead of using http://www.domain.com, they inserted https://www.domain.com and forced users to visit an HTTPS version that does not exist. That is the reason why your browser gives you a warning and stops you at the error page. Therefore, you can simply switch from the HTTPS version to HTTP (http://www.domain.com, for example).
Check Your Computer's Date And Time
When the date and time of your computer are incorrect, your browser cannot validate TLS certificates. Therefore, it will warn you that the website you are visiting is insecure.
To make this error disappear, you have to check the date and time of your computer or smartphone again and adjust it. After adjusting, this issue should be gone immediately. Sometimes, you need to clear the cache of your browser and restart your computer.
Check Your Antivirus Software
Most antivirus apps have a function called HTTPS scanning that assists users to detect and fight against malware delivered through HTTPS traffic when they browse the web. That is the reason why sometimes, a specific website you would like to load, is blocked. So it is understandable why you get this kind of error: Your connection is not private, in your browser.
To get rid of it, you need to turn off this feature on your antivirus software.
Should you turn off antivirus HTTPS scanning? Is it good?
In fact, many users have asked a lot of similar questions, for example:
- Is HTTPS scanning effective?
- Is the probability of getting a malicious application from an HTTPS secured website high enough to use this function?
- Is the method that it uses secure?
Because many continuing controversies are surrounding this subject, there is no final answer. Everyone always defends their own point of view. Personally, this feature is useful in some cases but is not essential to me. Web browsers have done a lot so far to make your HTTPS connections more secure. So I think we should not mess with it, and just turn it off. If there is a chance that malware can spread through a TLS connection, I still have the most effective anti-malware on my computer to fight against it.
In a few cases, VPNs can conflict with your network settings, including blocking a particular certificate or an entire connection. If you are using any VPN connection, temporarily disable it to test whether the error remains.
Keep Visiting That Website With An Insecure Connection
You can easily ignore this error and visit the website you want with a simple step like below. But I would not recommend doing this unless you explicitly know what you are doing.
To go further, look at the ADVANCED link on the bottom of the error page. When you click on it, there would be another link like Proceed to domain-name.com(unsafe) will appear.
By clicking on it, you can quickly bypass Your Connection Is Not Private error in the web browser with two simple steps.
You should only use this solution if you are sure the website you’re attempting to visit is safe. Use it as a temporary method because this error will not disappear automatically unless the root cause is fixed.
Until then, never input any personal information, such as email and passwords, credit cards, bank accounts, date of birth, SSN, or any sensitive information on such websites.
Turn Off TLS/SSL Certificate Checking / Validating
Unlike the above method, this is a bit negative because it will turn off the entire TLS certificate checking & validating feature on your web browser. Therefore, no certificate will be validated at all.
Google Chrome
To turn off this feature on your Google Chrome browser, type chrome://flags in the address bar and then press Enter.
In the textbox search, input "insecure", and there will be an option called: Allow invalid certificates for resources loaded from localhost. To turn off HTTPS certificate validating, enable this option, and restart your browser.
Mozilla Firefox
If you are using Mozilla Firefox and would like to prevent it from automatically rejecting invalid certificates, then access the advanced settings section by typing about:config in the address bar and press Enter.
There will be a prompted message: Changing advanced configuration preferences can impact Firefox performance or security. You need to click on Accept the Risk and Continue button to get inside the advanced settings.
Search for browser.ssl_override_behavior in the "Filter" box. When it shows up, double-click on it and adjust its value from "2" to "1". Click on the OK button to confirm the change and restart your browser. After that, your Mozilla Firefox browser no longer warns or blocks access to sites that have invalid SSL certificates.
Are you not using Google Chrome or Mozilla Firefox? Let's find out how to turn off the SSL validate process and disable invalid SSL warnings in all other browsers.
Nevertheless, I would not recommend using this solution all the time. It should be used as a temporary solution for testing or developing websites or apps. Forcing your browser to accept invalid certificates could potentially expose your computer to malware from spoof websites.
Ignore SSL Certificate Error Warning Or Blocking From Your Browser Shortcut
Besides adjusting advanced settings to bypass invalid certificate validating, you can also add the "-ignore-certificate-errors" tag into your browser shortcut. It works like the above method to ignore all the invalid certificate warnings (or blocking) of all websites. This change is effected permanently until you adjust it back to normal.
Navigate to your computer screen and locate the Google Chrome shortcut. Right-click on it and select Properties -> Shortcut. In the Target field, add the -ignore-certificate-errors tag right after /chrome.exe, and then press the Apply and OK button.
Restart your Google Chrome browser to see whether the error disappears.
Again, I would not suggest using this method unless you are sure that the websites you are browsing right now and in the future are going to be safe.
Disable Extensions On Your Browser
You may have (accidentally) installed several browser extensions that will filter and block strange HTTPS connections, resulting in Your Connection Is Not Private error. For example: Avast Online Security, HTTPS Everywhere, Norton Identity Safe, Windows Defender, DotVPN, and many more.
Let's go to Add-ons or Extensions section on your browser and temporarily disable them to verify.
In Google Chrome, you can click on the menu (three vertical dots on the top right corner, at the edge of the address bar) and access "More tools" -> "Extensions."
In Mozilla Firefox, go to Tools -> Add-ons to view installed extensions. You can also access this section by pressing Ctrl + Shift + A combination.
It depends on which operating system you are using; it will be a bit different when accessing the Add-ons or Extensions section.
When you access this section, you will see a list of extensions you have installed. Just temporarily disable them and restart your web browser to see whether the website opens normally or is still displaying an error.
Clear Browsing Data, Cookies, And Cache On Your Browser
If the above solutions do not work, try to clean all the browsing data, cookies, and cache on your web browser. Sometimes, an expired cache version of a website will prevent your browser from loading the latest one, causing this error. So, cleaning up all these data is the best way to find out the cause.
To clear these data in Google Chrome, click on the menu icon and access More tools -> Clear browsing data. You can quickly access this feature by pressing Ctrl + Shift + Del.
In the next step, select three options (Browsing history, Cookies and other site data, Cached images and files) as the following image and then click on the Clear data button.
Restart your Google Chrome browser and try to load that website again.
To access this feature in Mozilla Firefox, type about:preferences#privacy in the address bar and press Enter. Scroll down to the Cookies and Site Data section and click on the Clear Data button.
Tick on two options: Cookies and Site Data & Cached Web Content, as the following image and then click on the Clear button.
In Microsoft Edge, you can click on the menu icon and navigate to Settings -> Privacy & Security tab. Under Clear browsing data, click on Choose what to clear. Select the three first options (Browsing history, Cookies and saved website data, Cached data and files) and then click on the Clear button to clean up all these data.
If you are using a macOS computer and want to access this function, you should take a look at the top menu bar. It is there, as you can see in the following image.
Are you looking for a perfect solution to clean up your entire computer? Spend a few minutes reading our latest review regarding CleanMyMac X, a strong cleanup application. It is available in both Windows and macOS.
Use Your Browser In Incognito Mode / Private Mode
The effect of using incognito or private mode on your browser is that it runs without browser cache, cookies, or browsing history. It is quite similar to the above method, which needs to clear browsing data, cache, and cookies on your browser.
To access incognito mode in Google Chrome, click on the menu icon and select New Incognito Window, or simply press Ctrl + Shift + N to quickly launch it.
In Mozilla Firefox, you can visit File -> New Private Window to open private mode, or just press Ctrl + Shift + P on your keyboard. You can also click on the menu icon and choose New Private Window to launch the private mode.
Regardless of browsers, you can easily open private mode with these steps because it is quite the same. It is not difficult to find.
Flush DNS Cache On Your Computer To Fix Your Connection Is Not Private Error
A DNS cache is a momentary database that contains records of all recently accessed domain names and IP addresses. Your computer's operating system maintains it. A DNS cache is a recent DNS lookup database that your computer will use as the first place to refer quicker when you request to visit a website.
A DNS cache can be poisoned because of viruses or malware. It inserts invalid DNS entries to the cache database and redirects you to a wrong destination. This type of attack is called DNS spoofing or DNS attack.
For example, when you visit: https://www.domain.com, instead of pointing you to the right web server, a fake DNS cache will redirect you to somewhere else on purpose to collect personal data and financial information. But luckily, attackers have no way to fake an HTTPS website completely.
Therefore, there will be a warning message: Your connection is not private will show up on your browser because the certificate is invalid and does not match. Also, there are a few cases that the information in a DNS cache is outdated by the recent action of the website's owner.
Here are all the reasons why you should flush the DNS cache database on your computer and let it retrieve a new one.
Microsoft Windows
To flush the DNS cache in Windows, press Window + R, type "cmd.exe" in the Run dialog and press Enter.
In the Command Prompt window, input this command: ipconfig /flushdns, and press Enter.
That's it!
Apple macOS
To clear all DNS cache in macOS, navigate to Applications -> Utilities and launch Terminal application. Once it opens, run this command: sudo killall -HUP mDNSResponder, and press Enter.
All the DNS cache will be wiped out!
Clear DNS Cache In Google Chrome
To clear the DNS cache in Google Chrome, copy chrome://net-internals/#dns and paste in the address bar and then press Enter.
In the next step, click on the Clear host cache button.
That's it!
Ways To Fix Your Connection Is Not Private Error In WordPress
In this section, I would like to point out why your WordPress website (or any other platform) is getting this error. However, it is wise to recheck and make sure it comes from your website, not from your computer. To test it, you can use other devices and network and browse your website. If the error persists, then it definitely comes from your website.
So why does my website get this error?
It could be that the SSL certificate on your website has expired or is not set up incorrectly.
Did you install the SSL certificate on your website by yourself?
Have you done it properly?
If you buy an SSL certificate from some websites like Name.com, Namecheap.com, or GoDaddy.com, you should find existing "how-to-install" tutorials from them. I am sure it is quite simple and very understandable.
When I set up my first SSL certificate and turned on HTTPS on my website, I read and followed a guide on the NameCheap.com website. You can use the following search phrase to find appropriate guides to set up an SSL certificate on your website.
- "set up ssl in cpanel + site:name.com"
- "set up ssl cpanel + site:namecheap.com"
- "set up ssl cpanel + site:godaddy.com"
This is also a great guide from Shah that you should consider reading. It shows you the steps to generate CSR and install an SSL certificate on cPanel for your WordPress blog.
But how about a free SSL certificate from Let's Encrypt?
Let's Encrypt is a free, automated certificate authority (CA) that runs for the public's benefit by the Internet Security Research Group (ISRG). It provides digital certificates and offers users the chance to enable HTTPS for websites for free.
Setting up a free SSL certificate and turning on HTTPS on your website with Let's Encrypt is quite simple. Nowadays, most web hosting providers support this free SSL provider and provide a tool to assist you in setting up with a few clicks.
Currently, I am using A2 Hosting and so far, so good. I'm satisfied with their services, and there are also handy guides to help me set up my blog simpler and faster. For example, they released a great step-by-step tutorial with images to help their users to install a free SSL certificate through Let's Encrypt in WordPress. Inexperienced users just need to follow these steps, and everything will be good!
You can also hire people with experience to do this task for you at a budget price. For example, you can easily find someone who will set up SSL on your website for $5 (actually $5 + $2 handle fee = $7) from Fiverr.com. So I think it would be better to hire someone to install SSL or fix any SSL/HTTPS issue on your website when you lack experience.
All In All
Web browser errors are never fun, and sometimes, they can be difficult to troubleshoot. Hopefully, one of the solutions above will help you to deal with Your Connection Is Not Private error as fast as possible. Remember, this SSL/HTTPS error is typically caused by something set up incorrectly on your computer or with the SSL certificate on the website itself.
Was there anything I missed? If you found another way to resolve this error faster, share it with me to help other users!