ERR_BAD_SSL_CLIENT_AUTH_CERT: What It Is and How to Fix It (2025 Guide)

You’re browsing the web, trying to visit a site you’ve used a hundred times, and instead of the webpage, Chrome shows you an error message ERR_BAD_SSL_CLIENT_AUTH_CERT.

Not exactly self-explanatory.

In most cases, this error happens on your end. Maybe your browser’s out of date. Maybe your device’s clock is off. Or it could be some setting you didn’t even know existed.

But sometimes, it’s the website’s fault. If the SSL certificate is expired, misconfigured, or just plain missing something, the browser blocks the connection to protect you.

So what do you do?

Well, that depends. Are you just trying to access a site, or do you actually run the site? This guide covers both. A few simple steps for regular users, and some quick tips for site owners too.

Let’s get started…

What Is the ERR_BAD_SSL_CLIENT_AUTH_CERT Error?

When you see the ERR_BAD_SSL_CLIENT_AUTH_CERT error in Chrome, it usually means your browser couldn’t verify a security certificate that’s supposed to confirm the website is safe to visit.

This error often comes up when a site asks for a client certificate—which is basically a way to double-check that you (the visitor) are who you say you are.

But if that certificate is missing, expired, or not trusted by the website’s server, Chrome blocks the connection.

It’s less common than typical SSL errors, but still frustrating. It is important to note that this error is a generic security measure that can appear in other browsers as well like Edge, not just Chrome. And on operating systems like Windows, Mac, and Android.

How Does the ERR_BAD_SSL_CLIENT_AUTH_CERT Error Look on Chrome

Like I mentioned before, this error is not specific to just Chrome. However, if you are using Chrome, you’ll see a simple error message, “This site can’t provide a secure connection”, followed by an error “ERR_BAD_SSL_CLIENT_AUTH_CERT”.

Before we go ahead and look at the fixes for this error, let’s take a look at some of the common causes that may trigger this error.

How to Fix the ERR_BAD_SSL_CLIENT_AUTH_CERT Error (For Regular Website Visitors)

If you’re facing the ERR_BAD_SSL_CLIENT_AUTH_CERT error, the problem may be with your local setup. Running a few easy troubleshooting steps can quickly fix this issue.

Below, I’ve covered some of the most effective troubleshooting steps to resolve this error from your end.

1. Clear Your Browser’s Cache and Cookies

Your browser stores a lot of temporary data to help websites load faster, but sometimes this data can become corrupted or outdated. Old cookies and cached files can interfere with the SSL handshake process, leading to an error.

For Google Chrome:

• Click the three vertical dots in the top-right corner of your browser window.
• From dropdown, go to Settings.

• Then head to Privacy and Security > Delete browsing data.

• In the new window, set the Time range to All time.
• Check boxes for Cookies, Cached images and files and other site data.
• Click the Delete data button.

2. Synchronize Your Device’s Date and Time

An incorrect date or time on your computer can cause a security certificate to appear invalid. This is because SSL certificates have a specific validity period, and if your system’s clock is off, the browser might think the certificate is expired.

For Windows:

• Right-click the clock in the bottom-right corner of your taskbar.

• Select Adjust date and time.
• Make sure Set time automatically and Set time zone automatically are both toggled on. If they are already on, try toggling them off and then on again to force a sync.

For macOS:

• Click the Apple menu in the top-left corner and select System Settings.
• Go to General > Date & Time.
• Ensure Set date and time automatically is enabled.

3. Temporarily Disable Browser Extensions and Antivirus Software

Both browser extensions and antivirus programs are designed to protect you, but they can sometimes be a bit overzealous.

An extension might be interfering with the security protocol, or your antivirus software could be blocking a legitimate connection.

To Check Browser Extensions:

• In Chrome, type chrome://extensions into the address bar and press Enter.
• You’ll see a list of all your installed extensions.
• Toggle each one off one by one, then try to visit the website again. If the error disappears after disabling a specific extension, you’ve found the culprit. You can then choose to remove it or keep it disabled for that site.

To Check Antivirus Software:

• Temporarily disable your antivirus software. The process for this varies depending on the software you use. Look for a shield icon in your system tray (Windows) or menu bar (Mac) and right-click to find an option like “temporarily disable protection.”

• Once disabled, try to access the website. If the error is gone, you’ll need to configure your antivirus settings to allow the connection or consider using a different security program. Remember to re-enable your antivirus software afterward to stay protected.

4. Update Your Browser and Operating System

An outdated browser or operating system can have known bugs that trigger security errors. Keeping your software up to date ensures you have the latest security patches and features.

To Update Google Chrome:

• Open Chrome and click the three vertical dots in the top-right.
• Go to Help > About Google Chrome.

• Chrome will automatically check for and install any available updates. You may need to relaunch the browser to complete the update.

To Update Your Device:

• Windows: Go to Settings > Windows Update.

• Mac: Go to System Settings > General > Software Update.

5. Remove Conflicting Certificates

Occasionally, a corrupted or conflicting certificate stored in your browser’s internal certificate store can cause issues. This is a bit more of an advanced step, but it’s a valid troubleshooting method.

For Google Chrome:

• Type chrome://settings/security into the address bar and press Enter.

• Scroll down to the Advanced section.
• Click on Manage certificates.

• Review the certificates listed. If you see any that look suspicious or are related to a site where you’re having trouble, you can try deleting them. However, be cautious and avoid deleting certificates from trusted root authorities.

6. Consider Disabling QUIC Protocol

QUIC (Quick UDP Internet Connections) is an experimental protocol designed to speed up web connections. While it’s generally beneficial, some configurations or network setups can have trouble with it, causing SSL errors.

For Google Chrome:

• Type chrome://flags into the address bar and press Enter.

• In the search bar at the top, type “QUIC”.

• The Experimental QUIC protocol option will appear.
• Click the dropdown menu next to it and select Disabled.

• Relaunch Chrome.

7. Check the SSL Certificate Chain

This is a more technical tip, but it can be surprisingly useful. The “certificate chain” is a linked sequence of certificates that leads back to a trusted root authority. If any part of this chain is broken or missing, your browser will flag it.

To check the chain:

• Click the padlock icon to the left of the URL in your browser’s address bar.
• Select Connection is secure > Certificate is valid.

• Go to the Certification Path tab. Here, you can inspect the entire chain and see if any part of it is flagged with a red cross or a warning icon.

• If you notice a problem here, the issue is likely on the website owner’s end, and you might want to try reaching out to them. As you can see in the screenshot above, there is no such error found on the Cloudways website.
• This is how Comodo SSL Store warns when the SSL certificate chain is broken.

If you’re a Cloudways user, you may find our guide on how to fix incomplete certificate chain warning helpful.

Hosting That Keeps Your Site Secure

Get a hosting plan with built-in SSL support to prevent common certificate errors and protect your visitors.

Explore Hosting Plans

How to Fix the ERR_BAD_SSL_CLIENT_AUTH_CERT Error (For Website Owners)

When your visitors report the ERR_BAD_SSL_CLIENT_AUTH_CERT error, it’s a clear signal that something isn’t right on your server. While many of the tips for visitors we covered earlier focus on local browser issues, as a website owner, you have to dig deeper.

The error message is a symptom of a misconfiguration in your server’s security settings, specifically related to SSL client authentication.

This isn’t a common problem for most sites, but if you’re using a system that requires visitors to present their own digital certificates, it’s a critical issue.

1. Verify Your SSL Certificate Configuration

The first step is always to ensure your main SSL certificate is correctly configured. A misconfigured certificate is a common cause of various SSL errors, including this one. Check that the certificate is installed properly, hasn’t expired, and is issued for the correct domain name.

• Check for expiration: Log in to your hosting control panel or use an online tool like SSL Checker to confirm your certificate is still valid and not expired.

• Confirm domain matching: Make sure the certificate is issued for the exact domain (e.g., www.yourdomain.com) your visitors are trying to access. A mismatch will cause a security alert.

• Correct installation: Ensure the certificate files are in the right place on your server and that your server software (like Apache or Nginx) is configured to point to them correctly.

2. Ensure the SSL Certificate Chain Is Complete

An SSL certificate chain is a crucial part of the authentication process. It’s a series of certificates linking your site’s certificate back to a trusted root authority. If the chain is broken or incomplete, browsers won’t be able to verify your site’s identity, leading to the error.

Again, if we take Cloudways as an example again, you can see in the screenshot below that the SSL chain is complete and not broken:

Step 1: Diagnose and Get the Correct Intermediate Certificate

First, you need to find out if your chain is actually broken and get the correct file you need to fix it. You can’t just guess which certificate is missing.

• Use an online tool like What’s My Chain Cert? or KeyCDN’s Certificate Checker.
• Paste the content of your website’s SSL certificate into the tool and click “Generate Chain” or a similar button.

• The tool will analyze your certificate and tell you if it’s missing any intermediate certificates. It will also provide you with the correct one, often as a “CA Bundle” or “Intermediate Certificate” file that you can download.

Step 2: Install the Intermediate Certificate on Your Hosting

Once you have the correct certificate file, you need to upload it to your server. The process for this varies depending on your hosting provider.

For cPanel or Plesk

• Log into your hosting control panel.
• Look for the SSL/TLS section and open it.

• Find your website’s installed SSL certificate and select it. There’s usually a field to paste the contents of your new Intermediate Certificate or CA Bundle.
• Copy the entire content of the file you downloaded in Step 1, including the BEGIN and END tags, and paste it into the designated field.
• Save or install the updated certificate.

If you’re using Cloudways

The great thing about Cloudways is that it handles the certificate chain for you automatically, especially if you’re using their one-click Let’s Encrypt SSL. If your chain is broken, it’s often a sign that you need to force a fresh installation.

• Go to the Application Management menu on your Cloudways dashboard.
• Select the SSL Certificate tab.

• You’ll see an option to either “Install Certificate” or “Re-Install SSL.” Follow the steps to reinstall it. This will automatically fetch and install all the necessary intermediate certificates, ensuring your chain is complete.

Step 3: Verify the Fix

After you’ve updated the certificate, use the same online tool from Step 1 to re-check your site. The tool should now report that your certificate chain is complete and trusted. Your visitors’ browsers will also be able to verify your site’s identity, resolving the ERR_BAD_SSL_CLIENT_AUTH_CERT error.

If you’re a Cloudways customer and are still having trouble, you can always reach out to their support team. They are familiar with these issues and can help you resolve them quickly.

3. Update Your Server Software

Outdated server software (like Apache, Nginx, or even your specific CMS) can contain bugs or security vulnerabilities that interfere with modern SSL protocols. Keeping everything updated is a fundamental best practice.

• Check for updates: Consult your hosting provider’s documentation or your server’s control panel to check for and apply any pending updates to your web server software. At Cloudways, we automate many of these security patches, and we make major server software updates—like changing your PHP version—a simple, one-click process from your dashboard.

• Look for known issues: Search for known SSL-related bugs online for your specific version of server software. A quick search might reveal that others have encountered the same problem and found a solution.

4. Renew Your SSL Certificate

If your SSL certificate has expired, most modern browsers will refuse to connect to a site with an expired certificate.

• Automated Renewal: If you’re using a free service like Let’s Encrypt, make sure your automated renewal script is running correctly. Many hosting providers handle this automatically, but it’s worth double-checking. On Cloudways, the SSL renewal process is automated. Our system handles the renewal of your one-click Let’s Encrypt certificate every three months, which is designed to prevent your certificate from ever expiring unexpectedly.
• Manual Renewal: If you have a paid SSL certificate, you’ll need to purchase a new one from your provider and install it on your server. Be sure to install all the necessary files, including the intermediate certificate.

5. Investigate Your Client Authentication Settings

This is the most direct cause of the ERR_BAD_SSL_CLIENT_AUTH_CERT error. It occurs when your server is configured to require a client-side certificate from the user, but the user’s browser doesn’t have one to provide.

This is a very specific setting not used by most public-facing websites. It’s typically reserved for intranet sites or private networks where only verified users with a specific certificate can connect.

Review server configuration files:

• For Apache: Look for a directive like SSLVerifyClient in your virtual host configuration file. If it’s set to require or anything other than none, this is likely the problem.
• For Nginx: Look for the ssl_verify_client directive in your server block. If it’s set to on, optional, or optional_no_ca, this is the source of the ERR_BAD_SSL_CLIENT_AUTH_CERT error. The default value is off, which is what you’d expect to see for a public-facing website.

Like so:

Adjust the setting: 

Unless you have a very specific reason for requiring client-side certificates, you should set this directive to none (for Apache) or remove it entirely (for Nginx) to allow all users to connect without a client certificate.

How Cloudways Solves the ERR_BAD_SSL_CLIENT_AUTH_CERT Error

As a managed hosting platform, Cloudways simplifies the process of fixing this error, especially when it’s caused by an SSL issue. We handle the certificate chain for you automatically, so you don’t have to worry about manual file installations or server configurations.

Our platform provides a one-click Let’s Encrypt SSL certificate that is automatically renewed every three months. This feature is designed to prevent your certificate from expiring unexpectedly and ensures all the necessary intermediate certificates are installed correctly.

If you encounter the ERR_BAD_SSL_CLIENT_AUTH_CERT error, the first thing to do is to go to your SSL Certificate tab in your application management panel and perform a quick reinstallation. This will resolve most SSL-related problems on the server side instantly.

Wrapping Up!

The ERR_BAD_SSL_CLIENT_AUTH_CERT error can feel like a complicated problem, but in most cases, the fix is fairly straightforward — whether it’s on your end as a visitor, or with the website’s server.

If you’re a regular user, solutions usually boil down to a few quick fixes: clearing your browser cache, checking that your system clock is accurate, or making sure your browser is fully updated.

For website owners, however, this error typically points to deeper SSL certificate issues — such as an expired cert, an incomplete certificate chain, or misconfigured client authentication settings.

If you’re hosting on Cloudways, this issue is really easy to fix. Our platform streamlines SSL management with one-click installs and automatic renewals, reducing the chances of running into issues like this in the first place.