Your Clock Is Ahead / Behind: What It Means and How to Fix It

Why a wrong clock breaks HTTPS

Every SSL/TLS certificate contains two dates: notBefore (when it becomes valid) and notAfter (when it expires). During the TLS handshake, Chrome checks that the current system time falls between those two dates. If your clock is ahead of notAfter, every certificate looks expired. If your clock is behind notBefore, every certificate looks not-yet-valid. Both trigger the same NET::ERR_CERT_DATE_INVALID warning. Correcting the clock to real time resolves the error immediately — no server changes needed.

Most likely causes (ranked)

1. Dead CMOS battery on a desktop PC — clock resets to 2000 or 2004 on every power cycle
2. NTP sync disabled or NTP server unreachable — clock drifted over days/weeks
3. Manual clock change — wrong date set accidentally
4. Virtual machine with clock sync disabled
5. Rare: certificate issued with a future notBefore date (site's fault, not yours)

How to fix Your Clock Is Ahead or Behind

Step 1: Sync the clock on Windows

Settings → Time & Language → Date & time → toggle Set time automatically off, then on → click Sync now.
For an immediate forced sync via Command Prompt (admin):

w32tm /resync /force

Step 2: Sync the clock on macOS

System Settings → General → Date & Time → toggle Set date and time automatically off, then on.
Or via Terminal:

sudo sntp -sS time.apple.com

Step 3: Sync the clock on Linux

sudo timedatectl set-ntp true
timedatectl status

For an immediate step (chrony):

sudo chronyc makestep

Step 4: Fix on iOS or Android

iOS: Settings → General → Date & Time → enable Set Automatically.
Android: Settings → General Management (Samsung) or System → Date and time → enable Automatic date and time.

Step 5: Replace the CMOS battery (desktop PCs)

If the clock resets to a wrong date every time the PC is unplugged or restarted, the CMOS battery is dead. It's a CR2032 coin cell on the motherboard. Replace it, set the time again, and enable NTP sync so it stays correct.

Frequently Asked Questions

Why does a wrong clock break HTTPS?

SSL certificates have a notBefore and notAfter date. Chrome checks your system clock against these dates. A clock in the future makes all certificates look expired; a clock in the past makes them look not-yet-valid. Both trigger this error. Syncing the clock fixes it instantly.

Can the site be at fault for this error?

Rarely. Verify your clock is correct at any time-checking website. If your clock is accurate and the error appears only on one specific site, the server's certificate has an incorrect notBefore date set in the future — a CA or configuration error. Report it to the site operator.