Defaults.Exposed › Reports
'Your Connection Is Not Private' — What It Means and How to Fix It (2026)
Published 2026-07-01
Figures as of 2026-06-29 · methodology v7. Aggregate census data across 261 million graded domains. The warning is the browser refusing to trust the encrypted connection — usually because of the certificate. See how we grade.
“Your connection is not private” is the browser stopping you before the page loads because it can’t trust the site’s certificate. It’s the full-page version of the smaller “Not secure” label — and it’s almost always a fixable certificate problem, not a hack. Of the domains presenting a certificate, 8.21% serve an invalid one that triggers exactly this screen. Here’s how to read the error and clear it.
What the error codes mean
The exact wording varies by browser (NET::ERR_CERT_* in Chrome, “Warning: Potential Security Risk” in Firefox), but the causes are the same short list:
ERR_CERT_DATE_INVALID— the certificate expired (or the device clock is wrong). The most common cause by far.ERR_CERT_AUTHORITY_INVALID— self-signed or issued by an authority the browser doesn’t trust. Among invalid certificates, 20.0% are self-signed.ERR_CERT_COMMON_NAME_INVALID— the certificate is for a different hostname (e.g. covers the bare domain but notwww).- Missing intermediate — the chain to a trusted root is incomplete, so the browser can’t verify it.
- No HTTPS at all — 21.98% of domains still serve only plain HTTP, so there’s nothing to trust in the first place.
Is it dangerous — and is it my fault?
If you run the site, it’s a configuration error to fix, not a break-in. If you’re a visitor seeing it on someone else’s site, treat it as a genuine stop sign: don’t enter passwords or card details, because the connection may not be encrypted or authentic. Either way, clicking “proceed anyway” is a last resort, not a fix.
How to fix it (site owners)
- Renew or reissue the certificate — free via Let’s Encrypt; most hosts do it automatically. This clears the expiry case immediately. See fix certificate errors.
- Match every hostname — cover both the bare domain and
www, or use a wildcard, to kill the name-mismatch error. - Serve the full chain — include the intermediate certificate so browsers can build a path to a trusted root.
- Automate renewal — the durable fix; ACME clients renew silently so you never expire again.
- Force HTTPS and add HSTS — redirect all HTTP to HTTPS and tell browsers to always use it. Only 22.91% of HTTPS sites send HSTS today. See fix HTTPS.
Frequently asked questions
Why does my browser say “your connection is not private”? Because it couldn’t trust the site’s certificate — most often it’s expired, self-signed, or issued for a different hostname. As of 2026-06-29, 8.21% of domains serving a certificate present an invalid one.
How do I fix it on my own website? Reissue a valid certificate covering every hostname, install the full chain, and automate renewal. It’s free and usually a same-day fix.
Is it safe to click “proceed anyway”? As a visitor, no — treat the warning as a stop sign and don’t enter sensitive data. As the owner, fix the certificate rather than relying on people bypassing it.
What’s the difference between this and the “Not secure” label? “Not secure” is an inline label for a page without valid HTTPS; “your connection is not private” is the full-page block a bad certificate triggers. Same root cause, different severity. See why your website says “Not Secure”.
Does it cost money to fix? No — certificates are free and renewal is automatable.
Check your certificate and HTTPS free
See exactly what a visitor’s browser sees — certificate validity, chain, and HTTPS — privately, and owner-only.
Check your domain → · Fix certificate errors → · My certificate expired → · How we grade → · Aggregate data only. Data stored and processed in the EU.