If you’re a website owner, you’re probably already aware that web security technologies are constantly evolving to keep your projects safe. Thanks to the same security developments, online users can rest easy navigating the web, too. However, some websites may not be up-to-date with the latest security measures, which can trigger the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

The good news is that this error doesn’t signify major negligence on the part of a website owner. Moreover, it can be easily fixed by updating an SSL/TLS certificate. Alternatively, if this error message is mistakenly triggered, users can try a handful of simple troubleshooting tactics to resolve it.

In this post, we’ll explore the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error and what causes it. Then, we’ll show both website owners and visitors how to fix the problem. Let’s dive right in!

Check Out Our Video Guide To Fixing The NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error:

What Is the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error?

When you’re navigating the web, you might run into the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM. This isn’t ideal, as it will get in your way when you’re trying to access a website:

NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Google Chrome
NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

This error might be a bit shocking to both website owners and visitors. It includes a universally familiar symbol for danger (a red hazard symbol) and states, “Your connection is not private.” Therefore, it’s bound to make you at least slightly nervous.

In order to understand the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error, it’s crucial to have a baseline understanding of the Secure Sockets Layer (SSL) protocol first. This protocol gives websites and users an added layer of security by encrypting and authenticating data between web servers and browsers.

The protocol is especially crucial for ecommerce websites that handle sensitive user information such as credit card details, passwords, and other personal data. While the SSL protocol came first, the Transport Layer Security (TLS) protocol is more commonplace nowadays. That’s because it’s basically a more recent version of SSL.

You may be wondering why any of this is relevant to the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error. We’ll explain this in the next section as we explore its causes.

What Causes the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error?

Now that you know more about the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error and the SSL/TLS protocols, let’s discuss how to implement the latter on a site. Then, we’ll be able to dive deeper into the true causes of the error message.

As we’ve discussed, thanks to encryption, the SSL and TLS protocols can help protect websites from hackers and other security threats. Fortunately, it’s super easy to run this protocol on your site. You’ll just need to get an SSL or TLS certificate. Even better, you can often get one for free:

The Let’s Encrypt website
Let’s Encrypt

For example, you can use Let’s Encrypt for a free TLS certificate. However, if you don’t carefully choose your certificate, or it becomes outdated, you might run into the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

Without getting too much into the nitty-gritty details, SSL/TLS certificates need to use a Secure Hash Algorithm (SHA) to work properly. In the past, SHA-1 was the norm. However, a more secure version, called SHA-2, was developed later on.

Simply put, if your SSL or TLS certificate uses SHA-1, then this could trigger the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

For website owners, an outdated SSL or TLS certificate is the main cause of this error. However, technology is imperfect, and the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error could also be triggered mistakenly.

When it comes to website users, here are a few common culprits that might trigger this error accidentally:

  • Outdated web browsers
  • Browser settings
  • Active firewalls
  • Corrupt cache or cookies
  • Faulty or incompatible browser extensions

The exact cause may not be apparent from the outset. In the next two sections, we’ll show both website owners and visitors how to resolve the error.

How To Fix the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error (The Only Solution for Website Owners)

If your own website is showing the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error, there’s no need to panic. You might even be comforted by the fact that there’s really only one solution to this problem.

To fix this error, you just need to have your SSL or TLS certificate re-issued or buy a new one. Of course, you’ll want to double-check that your new certificate will use either SHA-2 or SHA-256 (not SHA-1).

At this point, you might also want to assess whether it’s a good time to change web hosts. Managing this part of your website can be tedious and stressful. Therefore, you may prefer a web hosting provider that simplifies the process:

A landing page for the Kinsta Cloudflare integration
Kinsta Cloudflare integration

At Kinsta, all of our hosting services include a free Cloudflare SSL certificate with wildcard support, which uses SHA-2. What’s more, this service is included automatically, so you won’t have to deal with the hassle of installing an SSL certificate on your site.

If you check with your SSL/TLS provider or web host and discover that your certificate is indeed up-to-date, but you’re still seeing the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error, that means the message is being erroneously displayed. In that case, you’re dealing with a user-side issue, so continue to the next section to figure out what that is.

How To Fix the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error (7 Solutions for Website Visitors)

If you’ve confirmed that your SSL/TLS certificate isn’t the problem, or you’re a cautious website visitor who has encountered this error, it’s time to start troubleshooting. Here are seven solutions for the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error!

1. Update Your Browser

NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM isn’t among the most common errors, but most of its solutions are highly straightforward. In fact, sometimes, resolving the error is as simple as updating your browser.

This error can appear in any web browser. However, since Google Chrome is the most popular browser on the market, we’ll use it for our examples in this tutorial.

To update Chrome, simply open the browser and click on the three dots next to your navigation bar. Then, select Help followed by About Google Chrome:

Google Chrome Help settings
Google Chrome help

On the following page, you’ll see the option to update Chrome if it’s out-of-date. If you can’t find this option, you’re running the most current version of the web browser.

Go ahead and run the update and try accessing the page that’s showing the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM again.

2. Reset Your Browser Settings

Another easy way to resolve NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Chrome is by resetting your browser settings. Once again, click on the three dots next to your navigation bar to do this.

After that, head to Settings > Reset Settings:

Reset settings in Google Chrome
Google Chrome reset settings

Next, click on Restore settings to their original defaults. You’ll then see the following message:

Confirming settings reset in Chrome
Confirming settings reset in Chrome

To move forward, simply click on the Reset settings button. When the process is finished, the page will refresh, and you won’t receive another confirmation. Then, you can return to the website showing the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error to check if it’s accessible. If it’s not, continue reading!

3. Disable Any Active Firewalls

Until now, we’ve only shown you how to troubleshoot this error within your web browser. However, your operating system could also be to blame. When your device is using a firewall, it could accidentally block a safe website, leading to the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

Fortunately, disabling firewalls on both Windows and Mac devices is super easy. Let’s start with how to do this on a Mac computer.

To begin, go to System Preferences > Security & Privacy and click on the Firewall tab:

Mac firewall settings
Firewall settings on Mac

If you discover that your firewall is turned off, you can stop here and skip to the next method. However, if it is on, select the lock at the bottom left of the window.

You’ll need to enter your password to continue. Next, hit the button that says Turn Off Firewall and click on the lock again to save the changes:

Turning off a firewall on a Mac device
Turning off a firewall on a Mac device

It’s as simple as that!

On Windows, go to Control Panel > System > Privacy & security. After that, select Windows Security and find Firewall & network protection:

Manage Windows firewalls
Manage firewalls in Windows

You can manage all of your Windows firewalls on this screen. When you’re finished, go back to your browser to check if the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error has been fixed.

4. Turn off Browser Extensions

As we discussed before, Google Chrome is the most widely used browser. One of the reasons for its popularity is that you can extend its functionality through Chrome extensions. These convenient add-ons can help you with loads of things, like checking your grammar, managing your passwords, and more.

However, since extensions come from third-party developers, there is always a risk that they are incompatible with each other or certain websites. You can see if one of your extensions is triggering the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Chrome by trying to access the site using an Incognito window.

By default, all of your Chrome extensions are disabled in Incognito, so this is a quick way to determine if they’re to blame:

Incognito mode in Chrome.
Incognito

If you discover that you can access the site without issue in Incognito mode, one of your Chrome extensions is likely behind the error.

In this case, simply open Chrome (in regular mode) and click on the puzzle icon to the right of your navigation bar. This will open a dropdown menu showing some of your extensions. Find Manage Extensions at the bottom and click on it.

Alternatively, you can simply go to Settings > Extensions to get to the same screen:

Google Chrome extensions
Google Chrome extensions

From this page, you can easily turn off any active extensions by clicking on the toggle button in the bottom right-hand corner of its panel.

However, at this point, you don’t know which extension is causing the error. So, turn them off one by one to determine this. Then, you can remove the problematic Chrome extension to avoid errors in the future.

5. Clear Your Browser Cache and Cookies

Browser caching stores some of a website’s data in your browser the first time you visit it. This way, the next time you access that site, its content won’t need to load from scratch. Since this cached data is already available in your browser’s ‘memory’, it can be retrieved faster the next time you visit that webpage.

Unfortunately, data stored in your browser cache can become outdated, and it could trigger errors like NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Chrome. Moreover, the same is true for third-party cookies.

Therefore, you might be able to resolve the error by clearing your browser cache and removing any tracking cookies. Luckily, you can do both of these things in one fell swoop.

In Chrome, simply click on the three dots and go to More Tools > Clear Browsing Data:

Clear browsing data under more tools
More Tools settings in Chrome

After that, you’ll see the following pop-up window:

Clearing browsing data in Chrome
Clear browsing data

To cover all your bases, choose All time as your time range. Next, select Cookies and other site data along with Cached images and files.

Click on the Clear data button. Now, return to the website showing the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error and see if it’s working!

6. Fix Your Device’s Date and Time Settings

If your device’s date and time settings are incorrect, they could also accidentally trigger the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

To remedy this on a Mac device, navigate to System Preferences > Date & Time and select the Date & Time tab:

Date and time settings on a Mac device
Date and time settings on Mac

Click on the lock in the bottom left corner to make changes. You’ll need to enter your password once again.

If the Set date and time automatically box is not checked, go ahead and select it. Then, click on the lock again to confirm your changes.

On Windows, you’ll need to navigate to Control Panel > Clock and Region. Under Date and Time, click on Set the time and date. In the pop-up, select the Internet Time tab:

Date and time settings on a Windows device
Date and time settings on a Windows

Here, you’ll also be able to set an automatic time.

7. Continue With an Insecure Connection

If you’ve tried all of these strategies for fixing NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Chrome, and none of them worked, there is one final option. While we don’t recommend it, you can always return to the error page and click on Advanced.

In some cases, you can continue to the website even though it doesn’t have a secure connection. Again, we don’t recommend this approach. If you access a site that isn’t properly encrypted, you could be putting your data at risk.

Summary

If you see NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM while navigating the web, it can be a bit unnerving. Even worse, if your own website is triggering the error message, it might deter visitors who are concerned about the safety of your site. Fortunately, this rare error is pretty easy to fix.

If you’re the website owner, you’ll just need to get a new SSL or TLS certificate that uses SHA-2. Meanwhile, if you’re a site visitor, you can try troubleshooting. Start by updating your web browser, resetting your browser settings, and turning off browser extensions. Then, you can reconfigure your device’s date and time and clear your browser cache and cookies.

Do you want to ensure that your website’s visitors don’t run into error messages when trying to access your content? A dependable web host can help you out. At Kinsta, all of our hosting plans include a Cloudflare integration, which automatically provides up-to-date SSL certificates for free. Plus, we have a 24/7 support team if you have any problems. Sign up for Kinsta today!