How to Fix “Your Connection Is Not Private” Error

Troubleshooting client VPN tunnel connectivity

This page is specifically about attempting to find and resolve problems with an OpenVPN client program failing to connect to an OpenVPN Access Server. It does not deal with problems in reaching a target system over the established VPN tunnel once the VPN tunnel is already working. That is handled in a separate page: troubleshooting reaching systems over the VPN tunnel.

So if for example you start the OpenVPN client connection and it issues an error and disconnects you, then the information here should help you in determining a possible cause and solution. If not, reach out to us on the support ticket system and provide as much detail as you can.

Locating the server log files

To diagnose problems with an OpenVPN server or client, it is helpful to look at the log files. The log files are located in specific areas on your computer systems, and the following is a general guide on how to find them and how to get the best information out of them. Log files are the place to check whenever you’re having any problems making a connection with an OpenVPN client program to the OpenVPN Access Server; they contain the information needed to ascertain what’s going wrong.

On the OpenVPN Access Server there is the server side log:
/var/log/openvpnas.log
/var/log/openvpnas.node.log (in case of a failover setup)

In the event that you are having problems with starting the Access Server or certain portions of it, for example the web services, then it may be useful to stop the Access Server service, move the log file aside, then start the Access Server service, and stop it again immediately. This creates a new clean log file that contains the startup and shutdown sequence of the Access Server and no other extraneous information. This makes analysis of the log file much easier. To do so use these commands in order:

service openvpnas stop
mv /var/log/openvpnas.log /var/log/openvpnas.log.old
service openvpnas start
service openvpnas stop

You can then grab the /var/log/openvpnas.log file for analysis and start the Access Server again:

service openvpnas start

Locating the client log files

Log file location for the OpenVPN Connect Client for Windows:
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\log\openvpn_(unique_name).log

The OpenVPN Connect Client for Mac:
/Library/Application Support/OpenVPN/log/openvpn_(unique_name).log

macOS may not show this folder in Finder, as Finder only shows certain things and hides others. To get to the /Library folder, open Finder, choose Go in the menu at the top followed by Go to folder, and then enter the path /Library to get into that directory. You can then go to the correct folder and look up the log file. Please also note that the OpenVPN Connect Client for Macintosh sets permissions on the log file so that you cannot normally open it. To get around this, right click the log file and choose the Get info option in the menu. Then at the bottom, under Sharing & Permissions, use the yellow padlock icon to unlock the settings and give everyone read access. You will then be able to open the log file by right clicking it, selecting Open with, and choosing something like Text editor to view the contents of the log file.

Known error messages and possible solutions

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

This particular error can have multiple different causes as it is a fairly generic error message.
A possible explanation is that the client program is old and supports only TLS 1.0, but the server is expecting TLS level 1.1 or higher. To see if this is the case log on to the server and check the server side log file. The chances are high that your client program is an older version, like version 2.2 or older, and that it doesn’t know how to handle a modern TLS minimum level requirement, when you see messages that look like this on the server side:

OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'
TLS_ERROR: BIO read tls_read_plaintext error'
TLS Error: TLS object -> incoming plaintext read error'
TLS Error: TLS handshake failed'
SIGUSR1[soft,tls-error] received, client-instance restarting'

The solution to this particular problem is to upgrade the client software to the latest version.
Another possible explanation is that the settings regarding TLS minimum requirement level have been altered but the OpenVPN client is using an older copy of the connection profile which has incorrect instructions. The settings on the client and the server must match for the connection to be successful. In this situation installing a new copy of the configuration profile will solve the issue. A complete uninstall, redownload, and reinstall of the OpenVPN Connect Client should take care of that for you.

And yet another possible explanation is that there is a blockade in place in a firewall or at the Internet service provider that is blocking or interfering with the TLS handshake in some way.

TLS Error: local/remote TLS keys are out of sync

For some reason the negotiated TLS key to be used on the client side for TLS encryption/decryption is different from the one used on the server side. That should never happen. When the client and server are talking to one another they agree upon a TLS key to be used for encrypting and decrypting traffic. By default in Access Server such a key is valid for 6 hours, and after those 6 hours, automatically the TLS refresh kicks in and they will agree upon a new key. There is a short overlap where both the old and new key are accepted, until the old key is expired and the new key must be used. If for some reason one side doesn’t do this, you see this error message.

A possible cause is a bug in the OpenVPN protocol with the version used in OpenVPN Connect Client which was resolved, where the automatic TLS key refresh would fail because the client and server couldn’t agree properly on the encryption cipher to use. So if you encounter this particular problem and you are using an OpenVPN3 based client like OpenVPN Connect Client 2.*, then consider updating to the latest version. You can do so for example per computer by downloading OpenVPN Connect Client for Windows or OpenVPN Connect Client for macOS from our website, and installing it. However a better solution would be to update your Access Server to the latest version so that you get the updated Connect Client embedded in there, and then downloading and installing the latest version of OpenVPN Connect Client from your Access Server. If you use other client software and it shows problems, try finding a newer version for it. Worst case scenario, you could also consider changing the TLS key refresh to something larger in the Advanced VPN page of the Admin UI, to avoid triggering the issue. This does of course lower security somewhat.

Server poll timeout

One of the very first steps that an OpenVPN client program will do when trying to connect to an OpenVPN Access Server is to simply send out a message requesting for a reply. So basically a “hello are you there?” message. The server is then supposed to respond and then a connection is started. However if you see a server poll timeout error message then the server could not be reached at the specified port. Why this is not possible is another question entirely, but the error message is very clear: there is simply no response at all on that address and port. So when you see this message it would be good to check if the port is actually open, if the port is correct, if the address you’re trying to reach can actually be reached from the Internet, and isn’t a private IP address only, and other such checks to confirm basic connectivity to the server. At this point you’re not even looking at a problem that has anything to do with the OpenVPN protocol itself. This is a most basic “this server cannot be reached” message.

A common mistake is to set up the Access Server on a private IP address but neglect to set up a proper FQDN DNS name for it and to configure that FQDN DNS name in the Admin UI under Server Network Settings in the Host name or IP address field. Connection profiles generated and provisioned to the OpenVPN clients use that field value as the address to connect to. So if this is set to an internal private IP address that the Access Server was installed on, then the connection profiles will try to connect to that private IP address, which is unlikely to be reachable from anywhere else but the internal network that the Access Server itself is on. The solution is to set up a proper DNS name, configure it, and save settings. Then uninstall, redownload, and reinstall the connection profile or OpenVPN Connect Client program and try again.

Another common mistake is to forget to open the 3 ports required for OpenVPN Access Server to be reachable properly. By default these are TCP 443, TCP 943, and UDP 1194.
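A check for the private-address mistake described above, as an added example that is not part of the original page or of Access Server. It reads the `remote` lines of a connection profile and flags targets that cannot be reached from outside the server's network; the profile text, addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample of the 'remote' lines in a connection profile
# (addresses and hostname are illustrative, not from a real server).
SAMPLE_PROFILE = """\
client
dev tun
remote 192.168.1.20 1194 udp
remote 192.168.1.20 443 tcp
remote vpn.example.com 1194 udp
;remote 10.0.0.5 1194 udp
"""


def parse_remotes(profile_text):
    """Return [(host, port, proto)] for every active 'remote' directive."""
    remotes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # '#' and ';' start comments
            continue
        fields = line.split()
        if fields[0] != "remote" or len(fields) < 2:
            continue
        # Simplification: a missing port/proto falls back to 1194/udp here.
        port = int(fields[2]) if len(fields) > 2 else 1194
        proto = fields[3].lower() if len(fields) > 3 else "udp"
        proto = "tcp" if proto.startswith("tcp") else "udp"
        remotes.append((fields[1], port, proto))
    return remotes


def classify_host(host):
    """Return 'hostname', 'public-ip' or 'non-routable-ip'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                        # needs a DNS lookup to judge
    return "public-ip" if ip.is_global else "non-routable-ip"


def audit_profile(profile_text):
    """Flag remotes that clients outside the server's network cannot reach."""
    findings = []
    for host, port, proto in parse_remotes(profile_text):
        kind = classify_host(host)
        findings.append({
            "host": host, "port": port, "proto": proto, "kind": kind,
            # A private/loopback/link-local target gives 'Server poll timeout'
            # for every client that is not on that same network.
            "poll_timeout_risk": kind == "non-routable-ip",
        })
    return findings


def tcp_port_open(host, port, timeout=3.0):
    """Live check for the TCP ports (443 and 943 by default).

    UDP 1194 has no connection handshake, so a connect test cannot confirm it.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for item in audit_profile(SAMPLE_PROFILE):
        print(item)
```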

SESSION_ID only allowed to be used by client IP address that created it

OpenVPN Access Server uses a session-based-token system for server-locked and user-locked profiles. Auto-login type profiles don’t. What this means is that after a user authenticates successfully, they are given a session token to identify themselves with. Compare it to going to a party: you show up and pay your entry fees, and if you need to go out for a little bit, they give you a stamp on the back of your hand, or put a paper/plastic strip around your wrist, so that you can show up again later and be admitted again. That’s a very simplified explanation. With a session token, each token is unique and uniquely identifies you. This avoids having to store your credentials in memory or bothering the user to reauthenticate when you temporarily lose contact with the server and reconnect again, so it’s safer and more convenient. The session token is locked to the IP address that the original authentication attempt was made from; this is a security feature. When you see this message it means the session token your client program offered to the server was generated originally from another IP address. This can happen for example if you switch Internet connection, like logging in at work, then moving your laptop home and it tries to reconnect automatically with the session token. This session token IP lock is a security feature that can be disabled to allow such automatic reconnects to occur without this error message.

Authentication Error: Session: your session has expired, please reauthenticate

The OpenVPN Access Server works with a session token based authentication system when you are using a server-locked or user-locked profile. When you authenticate successfully, you are given a session token instead. The session token identifies you now from that moment onward. By default the session token expires after 5 minutes of inactivity as in not being connected to the server, and it also expires after 24 hours by default. Furthermore, when the session token is generated on the server, it gets locked to the VPN client’s connecting IP address. This session IP lock can be disabled, and the timeout for session inactivity and the timeout for total session duration mentioned can also be adjusted. If for example you are on your phone and you are connected through WiFi, and you walk out of range of WiFi, and it switches to another Internet connection like 3G/4G or something, then your VPN client will disconnect but attempt to reconnect automatically. Your IP will now be different and as such the session token is not valid anymore. You will see an error like in the previous section in the server side log file (SESSION_ID only allowed to be used by client IP address that created it). And if your connection has lasted 24 hours in total, then it will also disconnect you if you’re on a session-based connection with server-locked or user-locked profile. The solution is to either use an auto-login type profile or to increase the session token duration.
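A small model of the session-token rules described in this section and the previous one, as an added example. It is not Access Server code: the class, method names and IP addresses are hypothetical, and only the two error strings and the default timeouts come from this page.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

INACTIVITY_TIMEOUT = 5 * 60      # default per this page: 5 minutes disconnected
TOTAL_LIFETIME = 24 * 60 * 60    # default per this page: 24 hours in total

IP_LOCK_ERROR = "SESSION_ID only allowed to be used by client IP address that created it"
EXPIRED_ERROR = "Session: your session has expired, please reauthenticate"


@dataclass
class Session:
    user: str
    client_ip: str                        # address the user authenticated from
    created: float                        # time of the successful login
    disconnected_at: Optional[float] = None


class SessionStore:
    """Toy server-side token store; times are plain seconds for easy testing."""

    def __init__(self, ip_lock=True):
        self.ip_lock = ip_lock            # the lock the page says can be disabled
        self._sessions = {}

    def login(self, user, client_ip, now):
        """Issue a fresh token after a successful credential check."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, client_ip, created=now)
        return token

    def disconnect(self, token, now):
        """Start the inactivity clock when the tunnel drops."""
        self._sessions[token].disconnected_at = now

    def reconnect(self, token, client_ip, now):
        """Return (accepted, message) for a reconnect that offers a token."""
        session = self._sessions.get(token)
        if session is None:
            return False, EXPIRED_ERROR
        idle = 0 if session.disconnected_at is None else now - session.disconnected_at
        if now - session.created > TOTAL_LIFETIME or idle > INACTIVITY_TIMEOUT:
            del self._sessions[token]     # expired tokens are gone for good
            return False, EXPIRED_ERROR
        if self.ip_lock and client_ip != session.client_ip:
            # The token stays valid for the original address.
            return False, IP_LOCK_ERROR
        session.disconnected_at = None
        return True, "ok"


if __name__ == "__main__":
    store = SessionStore()
    tok = store.login("bob", "198.51.100.7", now=0)      # constructed addresses
    store.disconnect(tok, now=3600)
    print(store.reconnect(tok, "203.0.113.9", now=3630))  # WiFi -> mobile data
```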

unable to obtain session ID from vpn.yourserver.com, ports=443: (error description here)

This error message can be found in the capi.log file and also shown in the popup message in Windows or macOS when you use OpenVPN Connect Client for Windows or macOS. This error message indicates that a server-locked connection profile is being used, which is the default on OpenVPN Access Server when you download and install the OpenVPN Connect Client. A server-locked connection profile is designed to be user-agnostic, meaning it doesn’t carry any user-identifiable information in it, and is a sort of universal profile. This allows any valid user accounts to start a connection with this OpenVPN Connect Client. The credentials are passed over a secure HTTPS channel to the XML-RPC services of the Access Server for verification, and if approved, the client will receive a copy of the user-locked profile for this user, and a session token. Those will be used to start the OpenVPN tunnel. After the tunnel is disconnected, the user-locked profile and session token are deleted. But for this to work, there must be a working HTTPS connection to the web services of the Access Server.

unable to obtain session ID from vpn.yourserver.com, ports=443:
Other SSL errors:[('SSL routines','SSL23_READ','ssl handshake failure')]

This could indicate that the Connect Client was able to reach some service, but it does not appear to be the Access Server web services, or perhaps the traffic is mangled by some firewall or proxy solution. For example we have seen situations where OpenVPN Access Server was installed with default settings, and OpenVPN Connect Client was installed and working, and then the port was changed on the server side from TCP 443, to TCP 444 for example, and then a web server was set up on that same server system, with an HTTPS website running on it on port TCP 443. The OpenVPN Connect Client won’t have received an update to the new port setting for the Access Server web services, and so it tries to talk to the old port, where now a web server runs. This causes an unexpected problem that can result in this type of error. If you encounter this problem you should investigate if the port that the client is trying to reach is actually reachable by this client, and try to determine if there really is an Access Server web service running there. If you changed the ports on the server you need to reinstall this client so it updates the settings.

unable to obtain session ID from vpn.yourserver.com, ports=443:
ConnectionRefusedError: 10061: No connection could be made because the target machine actively refused it

This is a very clear indication that the address and port that the OpenVPN Connect Client is trying to reach, does not have an Access Server web service running there. For example if you install OpenVPN Connect Client on a client computer, and then you go to the Access Server and change the ports that it listens to, then the client will still be trying to connect to the old ports that were originally configured. This can also sometimes occur if the address of your server is simply misconfigured. The solution is making sure that in the Admin UI in the Network Settings page you have set the address that your server can be reached at correctly (it is best to do a DNS name instead of an IP) and that the ports are how you want them, and then after that’s set up, to download and install the OpenVPN Connect Client on your client computers.

unable to obtain session ID from vpn.yourserver.com, ports=443:
XML-RPC: TimeoutError

This indicates that the Access Server web interface’s XML-RPC interface is unreachable. The OpenVPN Connect Client uses this interface to obtain the necessary certificates and configuration to start the OpenVPN connection when you are using a server-locked profile. You will not be needing the XML-RPC interface when you use user-locked and auto-login profiles. The advantage of server-locked profiles is that they are universal – any valid user at the Access Server can log in and connect. The timeout error just means the connection timed out; usually a firewall or similar is blocking the connection. The solution is to ensure that the web interface is reachable from this OpenVPN client, or instead use a user-locked or auto-login type profile.

unable to obtain session ID from vpn.yourserver.com, ports=443:
XML-RPC function GetSession with 1 arguments may not be called at the configured relay level

The OpenVPN Connect Client program for Windows and macOS by default uses server-locked profiles. These contain only the information necessary to talk to the XML-RPC web interface of the Access Server for the purpose of authenticating a user and obtaining the required certificates and connection information to start the OpenVPN tunnel. This is done so this client is universal. It will work for all valid users on the server and isn’t locked to a specific user. This does require that the web interface is reachable and that under client settings in the Admin UI the XML-RPC function is set to at least limited functionality. Full functionality also works, but when you set this to disabled, then you will get this error. The solution is to either stop using server-locked profiles and switch to user-locked or auto-login profiles, or to enable at least limited functionality for XML-RPC calls. The default is limited functionality and that is sufficient for OpenVPN Connect Client and server-locked profiles.

See the logfile ‘C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe.log’ for details

If you see this error message while launching the OpenVPN Connect Client, and it fails to launch, you may be missing specific Microsoft Visual C++ Redistributable DLL library files. This issue was resolved in OpenVPN Connect Client for Windows version 2.5.0.136 by adding specific required library files into the OpenVPN Connect Client program directories. You should ensure you use up-to-date software to resolve this issue. You can upgrade your Access Server to the latest version so that it offers updated OpenVPN Connect Client software, or you can separately download the OpenVPN Connect Client for Windows from our website, to upgrade your existing Connect Client version.

Serial number not found in DB

OpenVPN Access Server by default comes with an internal PKI structure, which means a self-signed root certificate with unique certificates generated for each OpenVPN client for that server. These are all unique and tied together. This is part of the strength of OpenVPN, the identity of a VPN client and a VPN server are verified in both directions when a connection is made. The client verifies the server, and the server verifies the client. So for each user account you add to the Access Server, a unique certificate is generated. The certificate is bound to the user account name, so you can’t log in with the credentials for user bob with the certificates for user billy. Each certificate also has a serial number, a unique number identifying the certificate. If you see the error that the serial number is not found in the database, that means this certificate is not known to this server. Even if you revoke a certificate, it is still known to the server, and will not produce this particular error. So you may be using a certificate from a completely different Access Server by mistake, or maybe you started with a new setup of Access Server on your server and the certificates are wiped and new ones generated for the new setup, while you’re still using old certificates from the previous installation. To resolve this problem, make sure to delete the wrong connection profile from your client computer and obtain a new one from your current Access Server installation and use that to connect.

Open TAP device “” PATH=”” FAILED TUN Error: cannot acquire TAP handle EVENT: TUN_IFACE_CREATE cannot acquire TAP handle [FATAL-ERR] 2021 EVENT: DISCONNECTED Client exception in transport_recv: tun_exception: not connected

You may receive this error message when the OpenVPN Connect 3.x service stops or does not resume when you sign back into the computer. The issue is likely caused by an antivirus program. Specifically, we’ve seen this with ESET Antivirus. You can reconnect by restarting the service manually, but the automatic connection may still encounter the issue. To test, turn off ESET. If that resolves the issue, then you may want to open a support ticket with ESET.

See also the topic authentication problems for more possible error messages and solutions regarding authentication issues.

How to Fix “Your Connection Is Not Private” Error

When trying to access a website, you might come across an error that reads “Your connection is not private.” This error indicates the browser’s failure to authenticate a safe connection between your device and the website.

“Your connection is not private” can be caused by Secure Sockets Layer (SSL) errors on the server-side or client-side issues. Whether you’re the website’s owner or simply passing through, there are several troubleshooting methods on how to fix this privacy error.

Error code: “Your Connection Is Not Private”
Error type: SSL connection error
Error variations:
  • Warning: Potential Security Risk Ahead
  • Your Connection Isn’t Private
  • This Connection Isn’t Private
  • net::err_cert_authority_invalid
Error causes:
  • Invalid SSL certificates
  • WiFi network errors
  • Browser issues
  • Operating system issues

The “Your connection is not private” error message often occurs when your browser notices a problem while creating an SSL connection or can’t verify the certificate. When this error appears, your web browser simply prevents you from visiting an unreliable website.

If the website you want to access has an illegitimate certificate, you might see the NET::ERR_CERT_AUTHORITY_INVALID message instead.

A valid SSL certificate makes a website run on HTTPS – the more secure HTTP version.

Websites with problematic SSL connections are more prone to security issues, making them less reliable.

For instance, websites with invalid SSL certificates make it easier for hackers to commit data theft. If you enter personal information like login credentials or payment details, your information may be visible to others.

In addition, the “Your connection is not private” error can be due to issues on the visitor’s end, such as their web browser, WiFi network, or operating system.

Other possible reasons include using an unsafe public WiFi connection, having an incorrect date and time on your computer, or your antivirus software performing an SSL/HTTPS scan.

What the “Your Connection Is Not Private” Error Looks Like on Different Browsers

Different browsers have their own way of showing the “Your connection is not private” error message. Here are some examples of how the same error appears on Mozilla Firefox, Microsoft Edge, Safari, and Opera.

Mozilla Firefox

If the SSL certificate of the website you’re trying to visit on Mozilla Firefox is invalid, you’ll receive the message “Warning: Potential Security Risk Ahead.”

In the description, Firefox tells users that it has “detected a potential security threat” and claims that “the issue is most likely with the website, and there is nothing you can do to resolve it.”

To get more detailed information and the specific error code, click Advanced. By identifying the particular issue, you can troubleshoot it more efficiently.

Some of the error codes you may see are:

  • SEC_ERROR_UNKNOWN_ISSUER
  • SSL_ERROR_BAD_CERT_DOMAIN
  • SEC_ERROR_EXPIRED_CERTIFICATE
  • SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE

Microsoft Edge

On Microsoft Edge, an invalid SSL certificate will take you to the “Your connection isn’t private” page, which is almost identical to what Chrome’s users encounter. You’ll also see a red “Not secure” near the address bar.

Edge also warns users that “attackers might be trying to steal your information” from the site you’re trying to access.

The Microsoft Edge error codes are similar to what you may see on Chrome:

  • NET::ERR_CERT_AUTHORITY_INVALID
  • Error Code: 0
  • NET::ERR_CERT_COMMON_NAME_INVALID
  • DLG_FLAGS_INVALID_CA

Safari

If you encounter an SSL problem on Safari, you’ll see the “This Connection Is Not Private” page.

It will tell you that “the website may be impersonating the site you wish to access to steal your personal or financial information.” Safari will also suggest that you go back to the previous page.

Opera

Opera’s version of the error is “Your connection is not private,” identical to Chrome’s. It also shows the error code under the description.

Click on Help me understand to reveal details on the issue. According to Opera, the error is caused by “a misconfiguration or an attacker intercepting your connection.”

The error codes you may see on Opera are similar to the ones that other web browsers display:

  • NET::ERR_CERT_AUTHORITY_INVALID
  • SSL certificate error
  • NET::ERR_CERT_INVALID
  • NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

How to Fix “Your Connection Is Not Private” as a Website Owner

If you get the “Your connection is not private” error on your website, you will need to eliminate possible SSL certificate issues.

This section will provide four troubleshooting methods to solve this error on your website.

1. Check Your SSL Certificate’s Expiration Date

First, check whether your website has an expired SSL certificate. Sometimes, you might need to renew your SSL certificate manually, and you might not have done so.

For example, the free SSL certificates by Let’s Encrypt are only valid for 90 days, and you will need to renew them regularly to remain active.

To check an SSL certificate’s expiration date on Google Chrome, follow these steps:

  1. Go to the website in question and click the padlock icon next to the address bar.
  2. Click the Connection is secure button. Note that this option might appear differently depending on your web browser.
  3. Select Certificate is valid.
  4. In the new window, you will see the SSL certificate’s expiration date next to Valid from.

If your SSL certificate is still within its validity period, move on to the next troubleshooting step. If it’s expired, it’s likely causing the error.

Renewing an SSL certificate will vary depending on your web hosting provider and certificate authority. Generally, it covers three steps:

  • Generate an SSL certificate signing request (CSR)
  • Activate the new SSL certificate
  • Install it on the website

Hostinger offers a free lifetime SSL certificate with all of their plans. With lifetime SSL, you don’t have to worry about manually renewing it again.

2. Confirm Your Certificate Was Issued Correctly

An SSL certificate that wasn’t issued correctly can also cause this error. Therefore, issuing your SSL certificate properly is a must to avoid SSL problems.

Another possible cause is installing the wrong type of SSL certificate. For instance, websites with subdomains might need to install an SSL certificate for each domain or use a multi-domain wildcard SSL.

The organization that issues your SSL certificate must also be a trusted certificate authority (CA). For example, Hostinger offers SSL certificates from an open-source CA, Let’s Encrypt.

To find out which organization issued your certificate:

  • Go to the website and click the padlock icon next to the address bar.
  • Select Connection is secure. Note that this option might appear differently depending on the SSL status.
  • Click Certificate is valid.
  • Next to the Issued by field, you will find the name of the organization that issued your certificate.

Check if the organization that issued your SSL certificate is a CA member. Some of the most well-known CAs are Comodo and DigiCert.

3. Run an SSL Server Test

An SSL server test can check the validity of a website’s SSL certificate. Some also offer insights that can help you pinpoint any SSL issues and fix them.

For instance, the SSL Server Test by Qualys will analyze a website’s SSL and grade its quality. All you have to do is enter your website’s domain name into the free online tool.

It will take a few minutes to analyze your website’s SSL configuration. Once it’s done, you will receive a detailed report and a grade. To view the summary of the report and the SSL scan’s detailed results, click on one of the server options.

If you received an A grade, the test found no issue with your SSL certificate. If you received a lower score, it’s worth looking into the issues found and trying to fix them.

For example, the test might produce one or several of the following findings:

  • Server’s certificate is not trusted
  • Server is vulnerable to certain types of attacks
  • Server only accepts certain types of cipher with older protocols
  • Server only supports older versions of TLS

To fix known issues, identify them as given in the full report and follow the instructions suggested by the SSL server test. The SSL Server Test by Qualys provides links to articles that explain what these errors are and how to solve them.

4. Contact Your Web Host

If you tried the previous methods and none of them solved the issue, contact your hosting provider, since a host-specific problem may be causing the error.

How to Fix “Your Connection Is Not Private” Error as a Visitor

Although a website SSL configuration error is usually the primary cause of this issue, sometimes it can be caused by a problem from the client’s side.

If you have any reason to believe that you’re the only one experiencing this error when trying to access a particular website, look at the following simple ways to fix the “Your connection is not private” error.

1. Reload the Page

If you see the “Your connection is not private” warning message, you should first try to reload the page.

While this might seem too obvious, it does work most of the time. Chances are, the SSL certificate is being reissued, or your browser failed to establish a secure connection to the web server.

2. Don’t Use Public WiFi

Using a public network like a café or an airport WiFi is the most common reason users encounter this error.

These days, HTTPS is a must for any website, especially if it collects private information. Unfortunately, public networks usually run on HTTP instead of HTTPS.

If you perform transactions on a public network, the information you input won’t be encrypted like on HTTPS. It will be transferred in plain text, and anyone using the same WiFi network can try and steal your personal data. That is why your browser will automatically show the message “Your connection is not private” to warn you.

Instead of using public WiFi, try loading the website while connected to a private network like your home WiFi or mobile data.

3. Use Incognito Mode

If you don’t want to remove your browser cache and cookies, you can check whether they’re causing the issue by trying Incognito mode. When using this mode, your browser will not store any site data on your computer.

To use Incognito mode on Chrome, click the three dots at the top-right corner and select New Incognito Window. Now, revisit the same website you were trying to access before and check if the error persists.

If the error persists, try clearing the browser data.

4. Clear Your Browsing Data

One method to try when experiencing the “Your connection is not private” error involves deleting the data your browser has stored, such as cookies, images, and files.

To clear the browser cache on Chrome, follow these steps:

  1. Click the three dots at the top-right corner and select History.
  2. Hit the Clear Browsing Data option on the left.
  3. Tick the boxes under the Basic tab to clear your browser’s cache and cookies or navigate to the Advanced tab for more options.
  4. From the Time range drop-down menu, select All time.
  5. Press Clear data once you’re done.

5. Check Your Computer’s Date and Time

This might seem odd, but the “Your connection is not private” error might appear because your operating system’s date and time are wrong.

Your browser relies on your computer’s clock and date settings to check an SSL certificate’s validity. If they’re incorrect, it might cause issues with the validation process. The certificate can appear to be no longer valid while it actually still is.

Make sure that your computer’s clock and date are configured correctly to fix the connection error. Here’s how to quickly check and adjust date/time system preferences on Windows and macOS computers.

Windows

  1. Go to Settings -> Time & Language -> Date & Time.
  2. Enable the Set time automatically and Set time zone automatically options if they’re turned off. Check that the date and time shown are correct.
  3. Refresh the website you’re trying to access.

macOS

  1. Go to the Apple menu -> System Preferences -> Date & Time.
  2. Make sure that the Set date and time automatically checkbox is marked.
  3. On the Time Zone tab, check whether the Set time zone automatically using current location option is also enabled.
  4. Refresh your web browser to see whether the issue has been resolved.
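The validity check described in this section, as an added example that is not part of the original article: it compares a certificate's validity window with the local clock and, when a trusted reference time is available, distinguishes a genuinely expired certificate from a wrong system clock. The sample certificate dates, the function names and the five-minute skew tolerance are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: validity fields in the format returned by
# ssl.SSLSocket.getpeercert(); not taken from any real certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
}


def _parse(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert_time)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def check_validity(cert, local_now, reference_now=None,
                   max_skew=timedelta(minutes=5)):
    """Classify a certificate's validity window against the local clock.

    reference_now is an optional trusted time (assumption: obtained from
    NTP or another device). When given, it separates a certificate that
    has really expired from a local clock that is simply wrong.
    """
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])

    def in_window(moment):
        return not_before <= moment <= not_after

    if in_window(local_now):
        return "valid"
    if reference_now is not None:
        skew = abs(local_now - reference_now)
        # The certificate is fine at the trusted time, so the clock is at fault.
        if skew > max_skew and in_window(reference_now):
            return "local clock wrong"
    return "not yet valid" if local_now < not_before else "expired"


if __name__ == "__main__":
    # A machine whose clock has reset to 2019, checked against a trusted time.
    stale_clock = datetime(2019, 1, 1, tzinfo=timezone.utc)
    trusted = datetime(2024, 2, 15, tzinfo=timezone.utc)
    print(check_validity(SAMPLE_CERT, stale_clock, trusted))
```

A "local clock wrong" result means correcting the date and time is the fix; an "expired" result with an accurate clock means the problem is on the website's side.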

6. Check Your Antivirus or Internet Security Suite

Some antivirus software and web security programs will block unusual SSL certificates or connections. To fix “Your connection is not private,” you’ll need to turn off the SSL scanning feature.

If you don’t know where to find it, you can try to disable your antivirus entirely and reopen the site on your browser. If the error message is no longer there, this is the cause of the problem.

7. Temporarily Disable Your VPN

A virtual private network (VPN) encrypts and reroutes your internet connection through a remote web server, which hides your IP address, increases your web anonymity, and protects your personal information.

Unfortunately, these added security layers can block certain SSL certificates and cause the “Your connection is not private” error.

Temporarily disabling your VPN might remove some barriers between you and the website and allow you to check if your VPN is causing the error.

8. Try Accessing the Website via Proxy

A proxy reroutes your internet traffic through a remote web server. The difference between proxy and VPN is that a proxy does not encrypt your connection, and you can only set it up on the application layer.

There’s a possibility that other people can visit the same site with no issues, and the “Your connection is not private” error only appears on your computer.

A proxy can help you check whether the website connects properly via another network. Think of it as using your neighbor’s WiFi to check if they can visit the website.

To access a website via proxy, use free services like Hidester, Hide.me, or VPNBook. All you have to do is paste the URL of the website you want to access.

Alternatively, if you already have a proxy server’s address and port number, you can set them up on your browser. Here’s how to set up a proxy server on Google Chrome on Windows:

  1. Click the three dots at the top-right corner and select Settings.
  2. On the left sidebar, expand the Advanced menu and choose System.
  3. Click Open your computer’s proxy settings.
  4. On the new window, scroll down until you find Manual proxy setup and turn on Use proxy server.
  5. Paste the proxy server’s Address and Port into the respective fields.
  6. Click Save.

9. Restart Your Router

Rebooting your WiFi router might be the simplest way to fix common network issues. It’s worth trying this method when encountering the “Your connection is not private” error.

A router has its own CPU, memory, and operating system, which can sometimes overheat or experience errors. Restarting your router is a quick and easy way to refresh it. Make sure to wait at least a few seconds before turning it on again.

Routers contain capacitors that may keep running for a few seconds after you turn the device off. The short interval ensures that the capacitor will be empty, allowing your router to fully clear its memory and reset failed tasks once it’s turned on again.

10. Manually Proceed With an Unsafe Connection (Unsafe)

If everything else fails, remember that the “Your connection is not private” message can’t prevent you from visiting the website. You can still enter the site at your own risk.

Such websites may contain vulnerabilities that attackers may exploit to steal sensitive information, including your full name, address, passwords, and credit card numbers. While browsing the site, make sure to avoid clicking on any ads, making online payments or giving away any personal data.

To proceed manually to the site on Chrome, click on Advanced -> Proceed to (website’s domain name) at the bottom of the message.

11. Ignore the SSL Certificate Error Entirely (Unsafe)

Bypassing the privacy error manually only fixes the issue temporarily. To proceed past the “Your Connection Is Not Private” message in the future, you can make the web browser ignore the SSL connection error altogether.

Remember that this method only silences the warning: the private connection issue might still be there and prevent you from accessing unsafe sites.

If you want to proceed, here’s how to do it on Windows:

  1. Right-click on the Google Chrome shortcut on your desktop.
  2. Click Properties.
  3. In the Target field, add the following after the quotation marks:
--ignore-certificate-errors
  4. Click OK to save your changes.
  5. If the error code NET::ERR_CERT_COMMON_NAME_INVALID appears, bypass it by clicking the Proceed button.
  6. Revisit the website, and the error message will disappear.

You can achieve a similar effect by using Chrome flags. This is especially useful if you’re testing something locally. Type the following into Chrome’s address bar:

chrome://flags/

From there, search for the “Allow invalid certificates for resources loaded from localhost” option and select Enabled.


Conclusion

The “Your connection is not private” error message is primarily caused by SSL certificate errors. However, in some cases, it can be caused by client-side issues.

While it is only one of many common connectivity errors, finding a fix for it may be troubling. This tutorial has covered several ways to fix this issue.

For example, we covered how to check your SSL certificate as a website owner and how to clear your browsing data cache to fix this issue as a visitor.

We hope that this article has helped you troubleshoot this error. If you have any questions or tips, feel free to leave them in the comments section below.

Your Connection Is Not Private Error FAQ

Why Does Chrome Keep Saying My Connection Is Not Private?

Your browser will tell you that your connection is not private when there is an issue with proper encryption of your internet connection.

What Causes ‘Your Connection Is Not Private’ Error?

This error is often related to issues with a website’s SSL certificate. It might be missing or expired, or it might not have been legitimately issued by the correct authorities.

The author

Hasna is passionate about tech, culture, and the written word. She hopes to create content that helps people succeed on the web. When not writing, rearranging, or polishing sentences, she enjoys live music and overanalyzing movies.