What does “There is a problem with this website’s security certificate” mean, and what should I do?

https uses certificates to validate the site you're connecting to, as well as encrypt the data. Certificate errors are worth paying attention to.


I have a laptop that consistently has a problem when it accesses a site online each and every time I get the same message from the site I am visiting. The message is strange and I have no knowledge of how to correct the implied problem.

The message is: “There is a problem with this website’s security certificate. The security certificate presented by this website has expired or is not yet valid.”

This message appears when I try to access my email account.

The problem is most likely not yours to correct. In the case you’re asking about, more often than not, it’s a problem with the web site itself.

Though you still need to be careful.

Let’s look at security certificates on https connections, what they mean and what you should do when faced with messages such as this.

Here’s an example of the type of error that we’re talking about, as displayed in Internet Explorer 7:

Certificate Error as displayed by IE7

That’s one you can see yourself by going to https://ask-leo.com – there is no https version of the site, but there is enough in place should I want one, that it will currently cause that error.

You’ll note that specific error is different than that in the question. I’ll address that shortly.

Security certificates are used as part of the https protocol for two purposes: to validate that you’re actually connecting to the site you think you are, and thereafter to encrypt the data …

Security certificates are used as part of the https protocol for two purposes: to validate that you’re actually connecting to the site you think you are, and thereafter to encrypt the data going back and forth between you and the site. It’s that first purpose – validation – that these errors are concerned with.

I’m going to purposely gloss over the geeky details, but in short, when a browser attempts to connect with a remote server using the https protocol, it receives a packet of digital information that has been cryptographically “signed” by a trusted third party. Distributed with the browser (and periodically updated) are the root keys that can be used to validate that signature.

A “valid” signature means that a) the decryption of the signature worked, and b) the information accompanying the signature matches what’s expected, and finally c) the signature has not expired.

Let’s look at what each of those means:

  • If the signature can’t be decrypted, that implies that the signature was not signed by a trusted third party. The process of getting a valid security signature requires that the web site owner contact one of a handful of certificate issuing authorities to get a certificate. If they generate one on their own (as I have with https://ask-leo.com), https can still be used for encryption, but it in no way validates that you are in fact connected to the site you think you are.The error “The security certificate presented by this website was not issued by a trusted certificate authority.” implies exactly that – no third party was used to generate an official security certificate, so the contents of the certificate cannot be trusted.

    Unless you know what you’re doing, it’s safest at this point to least suspect the validity of the entire site and not

  • Certificates are issued for the specific domain you connect to. So, for example, if you attempt to connect to
    https://ask-leo.com and the certificate comes back and says “I’m the certificate for server1.pugetsoundsoftware.com”, that’s a certificate error. It could imply that your connection attempt has been hijacked, and that you’re possibly not connecting to the site you think you are.The error “The security certificate presented by this website was issued for a different website’s address.” indicates that this is the case. (The equivalent error message in FireFox will further indicate exactly what site the certificate claims to be. There you’ll see that an attempt to connect to https://ask-leo.com will in fact return a certificate issued to “server1.pugetsoundsoftware.com”.)

    This actually happens from time to time by accident. For example “example.com” and “www.example.com” are two different domains, and would require two separate certificates and it’s easy to overlook that.

    Valid redirection attempts can also apparently trigger this error if not handled properly. At this writing https://www.gmail.com/ has this problem. If you are not logged into GMail, attempting to connect securely to Google Mail via gmail.com will generate the error. If you click on “Continue to this website” you’ll be redirected instead to the account login page on https://www.google.com/. I suspect that the wrong certificate is being presented for the initial contact. (You can avoid this path and get an always-valid secure path by going to
    https://mail.google.com which appears to handle the situation properly.)Domain mismatches are almost always suspect, and the safest thing is not to continue unless you have other strong reasons to believe that the error is, itself, in error.

  • Certificates are valid only for specific periods of time and are issued with start and end dates. If the website owner installs a certificate before its start date, or neglects to renew a certificate before it expires, that too is a certificate error.

“The security certificate presented by this website has expired or is not yet valid.” is the error that results when certificate is used outside of its assigned date range.

Date errors aren’t as serious as the other errors above, particularly if the certificate expiration and or start date (if the
browser shows you) is within a few days.

Most of the time the problems are simply oversights and omissions on the part of the server administrator. In your case, for example, I’d simply guess that the administrator of your email server has simply failed to update their certificate. You might contact them and let them know.

The whole point of security certificates, however, is to detect those errors because they may indicate various forms of server compromise, or even a compromise of your own computer. If your computer thinks it’s going to https://yourbank.com but due to a malware infestation on your machine it’s being directed to a hacker’s computer overseas, https will tell you.

And, of course, when in doubt take the safe route. You should not continue, but instead double check that you’ve typed in the correct domain name or URL, and perhaps contact the site owner via other means to determine what’s happening.


  1. Rachel

    I have this same error message, but it’s for major sites that certainly aren’t having a certificate problem (like facebook and ebay). HOw can I simply turn this option off on my computer. I have searched for many answers on computer so far and have tried the following things: Changed Advanced Internet options, lowered security filters, turned off phishing filters, installed the security certificates of the websites that have the error, and added URL’s to the “trusted sites” list. None of this has changed anything. And, after each change, I have closed the broswer and restarted it. nothing… Help!

    You can’t turn this off. In fact, you shouldn’t turn this off, since it does indeed imply a problem of some sort. One possibility I was reminded of by my friend Dave Taylor is that the clock on your PC might be wrong.

    – Leo
  2. Jeffrey

    If it happens every site you go to, check your date and time on your computer. If your computer’s date is off by a certain amount of time, usually I have seen 1 year. In other words if today is 12/7/08 and your computer shows 12/7/07 you will see this error, for nearly every web site you go to.

  3. Derus Berg

    I get this certificate error when i connect remotely to access my Exchange mail on my own 2003 server. I can’t figure out what certificate it’s talking about

  4. Glenn P.

    I have another question regarding security certificates. It concerns a button that I see (when I view it in MSIE6.0) on the certificate, labelled “Install Certificate”. Why is this button there? I mean, clearly, the certificate works just fine without having been installed (else the web page would fail). Is there any value to installing a web certificate? Is there any case where this would be appropriate???

    There are cases, but they’re typically very geeky in nature, and not something that the average user ever needs to consider. Essentially it’s saying “permanantely trust this certificate”, but you should not do this unless you really, absolutely, positively know what you’re doing. Cert warnings exist for a reason, and the underlying issues that cause them should be investigated and resolved, not worked around.

    – Leo
  5. sudhamol

    hi leo ,
    i read the problem which is faced by other when the access to the desire website because i also face the same problem , now i have one double will this problem prevent to install any new software for eg , i am trying to install the new version of yahoo messanger 9 but i cant do so , can u help me out …

  6. Kayren

    I tried to get on this website i usually go on quiet regular. I sign in but it keeps saying i am having a certificate problem. I couldn’t understand what it meant. Somehow i’ve done something with the URL. So now its coming up: The requested URL/login/was not found. How do i sort this problem? I would be grateful if you could help me because i don’t have a clue? And i need to get back on this site.

    • Karen Sellers

      I ask Google for information. It shows options but won’t open any of the sites. Little blue bar showing opening website doesn’t move

  7. Paul

    I get it on a select few…and in order to help a neice with a governement website (child support) I tried to find out why she gets this same error.

    I get it too and my system is totally different than hers.

    But also neither of us have trouble with the site when we use anything other than IE.

    To me the problem is IE related whether its something I can fix or not.

    Solution: Dont use IE if you get this error.
    I use both Safari & Firefox often for this reason alone.

    Its also one of the top reasons (that and UAC) that I will go Linux or OSX on my next computers.

  8. sheila slater

    my daughter trying get on facebook and bebo, it is saying security certicate and wont let her sigh in, whats could be the problem

  9. Dwayne

    Posted by: Rachel at December 6, 2008 8:12 PM
    I changed the date on my computer and WOW! that fixed the certificate problem for me. It’s an old post but, Thank you Rachel.

  10. Axel Grude

    I have that problem on our Company’s webmail exchange server (“not issued by trusted authority” and “issued for a different website’s address”) I have talked to our IT dept. and they can not (or don’t want to) change that.
    I have tried adding the domain to my trusted sites and to my intranet sites, all to no avail. Surely it must be possible to bypass this for ONE site????????
    I have also tried group policy editor, but did not find any suitable option.

    It is really ridiculous that I have to click this link every time I need to access my work email! This needs an easy workaround by Microsoft especially for those IT workers who need to access their Intranet stuff remotely.

  11. kiki

    You were soooo right i changed the date on my comp. becaouse it was dated to last year and now i can log into were i coudnt before yay!! thanx Leo.

  12. Ed

    Leo I love your column. However the phrase: “…but there is enough in place should I want one, that it will currently cause that error.” is not very clear. Why will the browser sometimes go automatically to https even though you type http?

  13. Goobys

    Ok i read this article, but i am still confused. I’m sorry i am not very good with computers. I had no idea what a cookie was until today. :/ Everytime i try to log into [Site Removed] it says that ‘The security certificate presented by this website has expired or is not yet valid.’ You mentioned that above, but how do i fix this problem? I tried enabling my cookie and when i try to log into my account on DA it says that the cookie used to remember my password and username (which were correct) was not remembered. How do I make it remember the cookie? How do i validate the security certificate? I’m so confused. Please help. >_

    Security certificates are not related to cookies, and they are not something you can fix. It’s an issue with the website you’re visiting, and something they have to fix.


  14. Ramon

    I am getting the error message you show, when visiting web sites I know are safe, and that I had no problem with a few days ago.
    If I visit them on a different pc, no problem, and the support people at the sites cannot replicate my problems.
    So what can I do about this?
    They are https sites, btw.

    Thank you.

  15. John Jeffrey Larrett

    I have read the article – check my clock & still have the problem. My wife has a laptop & we share the same SP via the same modem & she has no problem. I have checked with the website & they assure me the certificate is up to date & valid. I tried to subscribe to your RSS feed but failed. Any other suggestions. Thanks

  16. arif

    check u r date and time and also anti virus is update to to the date because some malwares are blocked that security setting file

  17. Donna

    go in to youi date and time on the task bar and make sure the date, especially the year, is right!

  18. Stormy

    i want to thank you very much on the information posted. I had let a friend use my laptop and when it was return. It was not working as given after reading your posted inregards to website certificate it was a minor thing the computer date was really off.

  19. Dave Markley

    I agree with Leo that it is almost always the website’s problem, not you or your computer. But, I have found (as many have mentioned) that if the date and time is wrong in your computer, the website certificate’s date won’t show as valid. What I didn’t see anyone say is that if your computer’s date and/or time is incorrect, (aside from you changing it, or a ‘sloppy’ installation of Windows), most likely your CMOS battery is going bad. This is usually a little ‘watch’ battery on your motherboard. In a desktop PC it’s easy to just replace for about $4 from anywhere that sells batteries, just make sure you get the same ‘model number’ battery as there may be a difference in voltage. In a laptop, it is most likely a watch battery, but some use a tiny capsule or disk-shaped battery soldered to the motherboard – these require professional replacement.

  20. tarun singh rathore

    hello, friends.
    I ‘am tarun, i have a problem. that is – whenever i start my pc, message appears – ” Date & time wrong ” what should i do… ?
    solution of this problem is very important for me……..

  21. saiyad

    i have the above problem each time i go to check my email the message comes up when i open the page “there is a problem with the security certificat….what should i do

  22. Linda

    I have a bb curve 9300 and it has a few certificate4 not trusted,should I delete them in my options/security settings.don’t know anything about internet workings at all really and also why does it say everytime I goto my gmail,press to redirect you,should I delete these not trusted and then change my email add password.thank you for your time.

  23. pranav

    yaaaa..same problem for me too…but i solved it by adjusting my date and time settings in pc …..Now ,the pages are opening as usual….Thanks for the appropriate answers above…

  24. eze

    for d past three days i cudnt browse on my pc..bt d connecion is active.i cud also used d same connection to browse on my fone.tanks…as soon as i change d date setting it worked perfectly

  25. Tony

    I just started to get that certificate error msg on my Windows Vista, IE9, each time I visit to a trusted website face page xfininity. I don’t get the same msg when using my Windows 8.1 portable?

  26. Mitch

    The time on my computer is right and I am on firefox it wont wok but internet explorer and google chrome work with facebook but firefox wont any ideas what i can do

  27. Sue

    I used chrome and accidently signed in to my outlook email account on a site where the https had a red strike to it and I clicked enter before I realised. I signed out immediatly and used explorer to sign in to my account which had the https in green but now my inbox is wiped out except for 15 messages from one person.
    Have I completely messed up my email account?

    • Connie

      You may have used a phishing site to sign in. If so, use the steps in this article to secure your account: https://askleo.com/email_hacked_7_things_you_need_to_do_now/

      Strangely enough, though, a few days ago I noticed that outlook.com (actually mail.live.com) had a certificate error. It struck me as pretty funny that Microsoft had messed up their certificates! They fixed it straight away. So you may have just seen that on the same day I did.

  28. Satarra

    Hello Mr. Leo, as u can see my name is Satarra, and this is very important my shcool laptop is going through this same issue and the time and date is correct what does this mean, why is my internet keep doing this, it has been doing this ever since the beginning if the year please help ASAP

  29. judy snyder

    I have an issue with a security certificate. I think a hacker is using this for no good. Theit on my facebook and everything I do. Their hacking everything on my account and using my account ad theirs?? Blowing up my data plan. How do I get rid of it or them? Thanx, judy snyder

Leave a reply:

Before commenting please:

  • Read the article. Seriously. You'd be shocked at how many people make comments that prove they didn't.
  • Comment only on the article. If you have a new, unrelated question start with the search box at the top of the page.
  • Don't post personal information. Email addresses, phone numbers and such will be removed.

VERY IMPORTANT: because of a rise in comment spam that's making it through our filters any comments that do not add to the discussion - typically off topic or content-free comments - run a very high risk of being flagged as spam and removed.

If you have a new question unrelated to the article above, ask it on the Ask Leo! ask-a-question page.

Your email address will not be published. Required fields are marked *