CLIENT AREACall Us 1-800-383-5193


Call Us 1-800-383-5193


Call Us 1-800-383-5193

Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Your connection is not private err_cert_authority_invalid

by | Oct 10, 2021

Stuck with the error, Your connection is not private err_cert_authority_invalid? We can help you.

With this error websites secured by Let’s Encrypt certificates show ERR_CERT_AUTHORITY_INVALID warning after September 30, 2021.

As part of our Server Management Services, we assist our customers with several Plesk queries.

Today, let us see how we can fix this error.


Your connection is not private err_cert_authority_invalid

Most often, the symptom of this error is as following:

  • After September 30, 2021, websites hosted and secured on a Plesk with Let’s Encrypt certificates, show the error, ERR_CERT_AUTHORITY_INVALID.
  • We see the certificate DST Root CA X3 in the certificate chain (Padlock icon in address bar > Certificate > Certification Path).

Generally, the cause of this error is the expiration of the DST Root CA X3 root certificate on September 30, 2021, at 14:01:15 GMT.

This can affecrt outdated client operating systems, including:

  1. Windows < XP SP3
  2. Windows 7
  3. macOS < 10.12.1
  4. iOS < 10
  5. Android < 7.1.1
  6. Ubuntu < 16.04
  7. Debian < 8

Moving ahead, let us see how our Support Techs resolve this error.

When it is in Windows Server, we install the latest OS updates and reboot the server to refresh the root certificates cache.

On the other hand, for an outdated Linux server, we need to apply the steps below:

  1. Initially, we connect to the server using SSH.
  2. Then we open the file /etc/ca-certificates.conf for editing.
  3. Eventually, we comment out the line mozilla/DST_Root_CA_X3.crt by putting the symbol, ! to the beginning of the line and save the file.
  4. Finally, we execute the command:
    # update-ca-certificate

In case, we receive TLS errors in the contact form or email clients, we change the hostname to server hostname instead of mail.domainname.

[Need help with the fix? We are here for you]



In short, we saw how our Support Techs fix the Plesk error for our customers.


Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.



Submit a Comment

Your email address will not be published. Required fields are marked *