How To Fix NET:: ERR_CERT_REVOKED Error in Google Chrome

Last updated: Oct 31, 2025

Modern websites rely on SSL/TLS certificates to secure connections and build trust with users. But when a browser like Google Chrome detects an issue with a certificate, it can block access completely—even if the website works normally otherwise. One of the most serious SSL errors users encounter in Chrome is NET::ERR_CERT_REVOKED.

This error occurs when a website presents an SSL certificate that was previously valid but has since been revoked by its issuing Certificate Authority (CA). Unlike other certificate issues like expiration or misconfiguration, a revocation is a direct action by the CA to declare the certificate untrusted. This impacts both users—who are blocked from accessing the site—and administrators—who must urgently replace the certificate or risk losing user trust, revenue, and search visibility.

This guide explains what the NET::ERR_CERT_REVOKED error means, why it occurs, and how to fix it from both the user’s perspective and the admin’s perspective. If you’re seeing this error message in Chrome, whether as an end user or the site owner, the material below will help you understand exactly what you need to do next.

What Does NET::ERR_CERT_REVOKED Mean?

The error NET::ERR_CERT_REVOKED means that Chrome has detected that the SSL/TLS certificate presented by the website has been revoked by the Certificate Authority (CA) that issued it. In practical terms, the certificate used to be trusted and valid, but it has now been added to a revocation list, making it immediately untrusted.

All SSL/TLS certificates are designed to verify that the site you are connecting to is legitimate, and that all communication between the site and the user is encrypted. When a certificate is revoked, the browser becomes aware of its invalidation through one of two standard mechanisms: the Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP). Both are systems used by browsers and servers to check the validity of certificates in real time.

This is different from a certificate expiring or being misconfigured. A revoked certificate is considered compromised or invalid on purpose before its expiration date. The browser will then reject any HTTPS connection attempt involving that certificate and show the NET::ERR_CERT_REVOKED warning.

That is why Chrome responds much more aggressively to revocation errors than it does to some other SSL certificate errors such as NET::ERR_CERT_DATE_INVALID or certificate authority errors: the browser has learned from a trusted source that the certificate has been intentionally terminated.

Why Does Chrome Display This Revoked Certificate Error?

Every time you visit a secure site (one that starts with HTTPS), Chrome performs a series of checks against the certificate the server provides. These include checking whether:

• The certificate was issued by a trusted CA
• The certificate matches the domain name
• The certificate has not expired
• The certificate has not been revoked

If any of these checks fail, the browser displays an error. A revocation error is particularly severe because the certificate has been marked as invalid by the authority that issued it. Chrome uses OCSP or CRL to query the status of the certificate before accepting it. If the certificate has been revoked, Chrome blocks the connection.

Because Chrome is strict about SSL validation, even if the server has been updated with a new certificate, users may still see this error if something in the SSL chain or the revocation status hasn’t been properly updated or cached.

Who Is This Error Meant For and Who Can Fix It?

It’s important to understand that the NET::ERR_CERT_REVOKED error affects two distinct audiences differently: those trying to visit the website and those responsible for hosting or maintaining the site.

Website Visitors (End Users)

As a visitor to a website, if you see this error, it generally means that the website’s SSL certificate is untrusted and has been revoked. There is very little you can do to fix the issue on the website itself. While it is possible to perform some local troubleshooting—such as checking your system clock, clearing browser cache, or disabling security software—the deeper issue must be addressed by the site owner. You should not bypass the error unless absolutely necessary, as the certificate may have been revoked for security reasons.

Website Owners and Admins

If you are responsible for the website and hosting, you must fix this error urgently. The only reliable solution is to replace the revoked SSL certificate with a newly issued one. A revoked certificate cannot be restored or reused. This means you must contact your Certificate Authority, request a new certificate, and install it correctly on your web server.

Fixing the NET::ERR_CERT_REVOKED Error as a Website Visitor

As a visitor, you are generally limited in what you can do since certificate revocation happens at the server and CA level. However, if you suspect it may be a local issue with your system or browser, you can apply the following techniques to rule out device-specific causes. These techniques are especially useful if the error only appears on your device or browser and not for others accessing the same website.

Check and Correct System Date and Time

SSL certificates rely on time-based validity. If your device’s date or time are set incorrectly—whether ahead of real time or behind—it can cause Chrome to reject or misinterpret valid certificates. Adjust your system clock to use automatic network time synchronization and try reloading the website.

Temporarily Disable Antivirus HTTPS Scanning

Some antivirus programs insert their own certificates to scan encrypted connections. This can create false positives where Chrome flags certificates as invalid or revoked because the antivirus filter misrepresents the certificate chain. Temporarily disable HTTPS scanning in your antivirus settings and refresh the page to test this.

Clear SSL State and Browser Cache

Browsers sometimes cache certificate information. You can clear SSL state through Windows Internet Options and clear general cache using Chrome’s privacy settings. Reload your browser and revisit the site to ensure Chrome performs a fresh SSL handshake.

Flush DNS Cache

Your device may have cached an old DNS entry that points to a server presenting the revoked certificate. Flushing DNS forces your system to resolve the domain fresh. This can be done in Windows via the command line using ipconfig /flushdns.

Use Another Connection or Device

If the site works on another device or browser, your network or device configuration may be interfering with SSL validation. Trying another device or network can help you confirm this.

However, if these steps do not resolve the issue, the website itself likely has a revoked certificate and you should notify the site owner. The website administrator will need to act to correct the issue.

Fixing the NET::ERR_CERT_REVOKED Error as a Webmaster or Admin

If you are responsible for managing the website or server showing this error, resolving it must be done by repairing the SSL implementation. Since revocation is irreversible, you must replace the old revoked SSL certificate with a new, valid certificate. Doing so correctly restores trust between clients (browsers) and your web server.

Step 1: Verify Certificate Revocation

First, confirm that the certificate is indeed revoked and determine how it is being flagged. You can use one of the following methods:

• Run an SSL scan on the website using a public tool like SSL Labs
• Use DigiCert’s SSL checker or SSL Shopper
• Check Chrome’s DevTools Security tab for certificate inspection
• Run OpenSSL to check the certificate on your server:

openssl s_client -connect yourdomain.com:443 -servername yourdomain.com | openssl x509 -text -noout

Look for OCSP or CRL status fields indicating that the certificate has been revoked.

Step 2: Determine Why the Certificate Was Revoked

Common reasons include:

• The certificate’s private key was compromised
• The certificate was issued to the wrong entity due to misconfiguration
• The domain name changed ownership after the certificate was issued
• The issuing CA was informed of misuse or policy violations
• The certificate is being replaced prematurely and the old one was revoked early

It is helpful to contact your Certificate Authority or hosting provider to confirm why the revocation occurred. Some CAs include a reason code in the revocation data itself.

Step 3: Reissue or Purchase a Replacement SSL Certificate

A revoked certificate cannot be repaired. You must obtain a new certificate. Log into your Certificate Authority account and request a reissue or generate a new certificate (CSR). Always generate a new private key associated with the certificate, especially if you suspect the previous key was compromised.

Once the certificate is validated and issued, download the certificate files including:

• The leaf certificate
• The intermediate certificate(s)
• The root certificate (if required for your environment)

Step 4: Install the New SSL Certificate

The new certificate must be installed correctly depending on your server type. This involves creating new configuration files that properly reference the new certificate and key files.

Apache example:

SSLCertificateFile /etc/ssl/certs/your_cert.crt
SSLCertificateKeyFile /etc/ssl/private/your_key.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
systemctl restart apache2

Nginx example:

ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
systemctl restart nginx

IIS example:

1. Import the .pfx file using the MMC certificate manager
2. Open Internet Information Services Manager
3. Edit Bindings for HTTPS
4. Select the new certificate
5. Remove the old certificate from the server certificate store

Be sure that the full chain of trust is installed — meaning that any intermediate certificates must be referenced. Modern browsers, especially Chrome, require the correct intermediate certificates to avoid trust failures.

Step 5: Test and Confirm Resolution

Once the new certificate is installed, verify the change using the following methods:

• Re-run SSL Labs test for the domain and confirm grade A or higher
• Visit the site in Chrome and inspect the certificate details
• Use command line tools such as:

curl -Iv https://yourdomain.com

Check the serial number and expiration date to ensure the new certificate is being used.

At this point, the revocation error should no longer appear. If it still appears, you may need to clear browser cache or remove old certificates stored in your server or CDN cache.

Preventing Certificate Revocation Issues in the Future

Avoiding future issues with certificate revocation requires adhering to SSL security best practices. The most common causes of revocation are private key exposure and misconfiguration. To help prevent these outcomes:

• Store private keys securely and restrict permissions
• Enable automated SSL renewal to avoid misconfigured reissues
• Use HTTPS monitoring tools to receive alerts for certificate errors
• Configure OCSP stapling to support faster revocation checks
• Use Let’s Encrypt with verified ACME clients to automate certificate rotation
• Avoid embedding private keys in Docker images, Git, shared hosting, or public directories

Certificate management should be treated with the same seriousness as password management or server security. One leak can trigger immediate revocation and site downtime, so proactive monitoring and defense are required.

Frequently Asked Questions

What does the NET::ERR_CERT_REVOKED error mean?
It means the SSL certificate presented by the website has been revoked by the issuing Certificate Authority and is no longer trusted by browsers like Chrome.

Can this error be ignored or bypassed?
It can be bypassed in developer mode but is not safe for regular users. The error signals a trusted authority has revoked the certificate for possible security reasons.

How do I fix NET::ERR_CERT_REVOKED in Google Chrome?
As a visitor, verify your date/time, browser cache, and antivirus settings. As a website admin, replace the revoked certificate with a new CA-issued certificate.

Why was my SSL certificate revoked?
Common reasons include compromised private keys, CA misissuance, policy violations, or company/domain changes.

Is a revoked certificate the same as an expired certificate?
No. An expired certificate has passed its valid date range; a revoked certificate is actively invalidated before expiration.

Conclusion

The NET::ERR_CERT_REVOKED error in Google Chrome is a serious SSL/TLS certificate issue that requires immediate attention. For visitors, it is a warning not to trust the connection. For site owners and developers, it is a direct signal that the certificate must be replaced and reinstalled correctly.

Replacing a revoked certificate is not optional — it is the only reliable way to restore trust, site functionality, and search ranking optimization. With careful key handling, automated renewal, and SSL monitoring tools, you can prevent the error from recurring and keep your site fully secure and compliant.