SEC_ERROR_EXPIRED_CERTIFICATE

Fix Firefox 'Connection Not Secure' on Legit HTTPS Sites – Clock Drift

Software – Web Browsers Beginner 👁 0 views 📅 May 28, 2026

Your PC's clock is wrong. Firefox thinks certs are expired. Fix the time, fix the error. No malware needed.

Drive you crazy, doesn't it? Firefox throws that red 'Connection Not Secure' warning on a site you've used for years. You're not being hacked. Your clock is lying to you.

Let's get right to it. The real culprit here is clock drift — your computer's internal clock has wandered off from the real time. Firefox sees a certificate that says 'valid from April 1 to July 1,' but your PC says it's March 30 or July 2. Error fires. Fix the time, fix the error.

Fix it — Windows (10, 11)

  1. Right-click the clock in the system tray → 'Adjust date/time'.
  2. Toggle 'Set time automatically' to On. If it's already on, toggle it Off, wait 5 seconds, then On again.
  3. Click 'Sync now' under 'Synchronize with an Internet time server'. Wait for it to say 'Sync successful'.
  4. Check your time zone too. I had a client last month whose clock was set to UTC+5 but they were in New York. Firefox broke on every bank site.

Fix it — macOS (Ventura, Sonoma)

  1. Open System Settings → General → Date & Time.
  2. Enable 'Set date and time automatically' (you might click the lock icon to make changes).
  3. Choose 'time.apple.com' as the server. Hit Sync.

Fix it — Linux (Ubuntu, Fedora, Debian)

sudo timedatectl set-ntp true
sudo timedatectl set-timezone America/New_York  # replace with yours

If your system doesn't use systemd (rare these days), try:

sudo service ntp restart
sudo ntpdate -s time.nist.gov

Why this works

SSL/TLS certificates contain a valid-from and valid-to date. Your browser checks those against your system clock. If the clock is off by even a few minutes, certificates used for revocation checks (OCSP) fail. Firefox defaults to a hard fail — it blocks the connection rather than trusting a potentially revoked cert.

Common triggers:

  • CMOS battery dying — I see this on desktops over 3 years old. The battery holds the time when the PC is off. Replace it (CR2032, $2 on Amazon).
  • Dual-boot with Windows and Linux — If you've ever had Windows set to local time and Linux set to UTC, they'll overwrite each other's clock. Pick one (Windows defaults to local time; tell Linux to use RTC as local time with timedatectl set-local-rtc 1).
  • Virtual machines — A VM paused for days will have a stale clock. Resync the guest OS time with the host.

Less common variations

Variation 1: Time is correct, but Firefox still shows SEC_ERROR_EXPIRED_CERTIFICATE.
Sometimes Firefox's built-in certificate store gets corrupted. Go to Firefox → Settings → Privacy & Security → Certificates → click 'View Certificates' → 'Authorities' tab → scroll to any 'Let's Encrypt' entries. Revoke them and let Firefox re-download them. I've seen this happen after a failed update.

Variation 2: Only one site fails, others work.
That site's certificate might actually be expired — check on SSL Labs (ssllabs.com). If it's valid, the site may be using a certificate chain that includes an intermediate that's expired. Firefox is pickier about this than Chrome. You can't fix that — tell the site owner.

Variation 3: The error goes away after a few minutes.
Your NTP sync is intermittent. Run w32tm /resync on Windows or sudo ntpdate -s pool.ntp.org on Linux to force an immediate sync. If it fails, check firewall rules — NTP uses UDP port 123.

Prevention — keep this from happening again

  • Replace the CMOS battery every 3 years on desktops. On laptops, it's soldered or a pain — so set up automatic time sync to compensate.
  • On Windows, set a scheduled task to run w32tm /resync every day. Open Task Scheduler → Create Basic Task → trigger Daily at login → action: Start a program → program: w32tm → arguments: /resync.
  • On Linux, enable systemd-timesyncd: sudo timedatectl set-ntp true. Check with timedatectl timesync-status.
  • If you travel with a laptop, set the time zone automatically too. Windows does this by default if you turn on 'Set time zone automatically'. Manual time zones are a common source of drift.
Bottom line: 9 times out of 10, Firefox's SEC_ERROR_EXPIRED_CERTIFICATE is your clock, not the site. Fix the time, reload the page, move on with your life. If you've done that and it still fails, check the CMOS battery and the dual-boot setup. That covers 99% of cases I've seen over 15 years.

Was this solution helpful?

Firefox connection not secure SEC_ERROR_EXPIRED_CERTIFICATE clock drift fix legitimate HTTPS sites showing warning Firefox certificate error system time wrong Windows time sync Linux time sync NTP fix browser security error wrong date causes SSL error Firefox secure connection failed clock battery dead CMOS battery time zone mismatch