Today, I would like to talk about one error that people may come across when they attempt to visit a site. Sometimes, after you open a webpage on chrome, the "Your clock is ahead" error will appear. There is no "Continue" button on chrome now and you can't visit the site. What causes this error? How to solve the problem? You will find the answers in the upcoming parts of this article.
What makes "Your clock is ahead" appear
There are basically two situations causing the "Your clock is ahead" error. Situation 1 is that the SSL certificate of the site you try to visit has expired. Situation 2 is that the root certificate to issue the SSL certificate in your system has expired and your system lacks the new root certificate.
How to solve the problem
Open the site you want to visit. Click on the "Lock" icon before "https" and select "Certificate". You can see the validity of the SSL certificate on the "General" tab. If you find the SSL certificate has expired indeed, you are in the situation 1 and have two choices to solve the problem.
One choice is to add the launching parameter "--ignore-certificate-errors" to the chrome shortcut. Right click on the shortcut, choose "Property", move the cursor to the target field, add a space after ".exe", and then add --ignore-certificate-errors. Launch Chrome and now you can visit the site successfully.
Another one is to use another browser that allows you to continue to visit the site or directly skip the "Your clock is ahead" prompt like IE, Vivaldi with versions newer than 3.5, and TheWorld. IE and Vivaldi will display the "Continue" button and TheWorld will directly skip the prompt. It is sure that you will no longer see the prompt when the site SSL certificate is updated in the future.
If the status of the SSL certificate is still valid, you are in the situation 2, where your operating system lacks the root certificate. If you are using Windows 7, you will encounter this problem and you will find that there is no problem visiting the site on a Win10 computer. You have two choices to solve the problem.
The first choice is also adding the launching parameter "--ignore-certificate-errors" to the chrome shortcut.
The second one is to replace the expired root certificate with a valid root certificate. One Win 10 computer should be available to you.
- Open the site address in chrome. Click on the "Lock" icon before "https" and select certificate. Go to the "Certification Path" tab. You will see the name of the expired root certificate in your system, which is in the first line. Record the name of this expired root certificate.
- Click on the three-dot button of your chrome and choose "Settings". Go to the "Privacy and security" section and expand the "More" menu. Click on the "Manage certificates" option to open the "Certificates" window. Go to the "Trusted Root Certification Authorities" tab, find the expired root certificate, and delete it.
- Visit the site on the Win10 computer and check the name of the valid root certificate.
- Go to "Privacy and security"->"More"->"Manage certificates"->"Trusted Root Certification Authorities" in Chrome and find the name of the valid root certificate. Export this certificate and you will get a ".cer" file. Transfer it to your Win7 computer.
- Double-click on the valid root certificate to open it. Click on "Install Certificate"->"Next". Choose "Place all certificates in the following store", click on "Browse", and choose "Trusted Root Certification Authorities". Click on "OK"->"Next"->"Finish"->"Yes" to install the root certificate to your Win7 system. Relaunch chrome and you can visit the site now.
Many people getting the error "Your clock is ahead" is because their Win7 system uses DST Root CA X3 and lacks ISRG Root X1. Let's Encrypt claimed the DST Root CA X3 expiration on Sep. 30, 2021. Let's Encrypt used DST Root CA X3 to issue certificates when they got started. On Sep. 30, 2021, DST Root CA X3 expired and they started using ISRG Root X1.
To get the root certificate, visit the "certificates" page of Let's Encrypt, download the ".der" file of ISRG Root X and install it. If installing ISRG Root X1 can't solve your problem, download and install the ".der" file of ISRG Root X2.
If you still can't visit the site after replacing DST Root CA X3 with ISRG Root X1 or ISRG Root X2, please install the following system patches according to your system type.
Please note that If you are a Win7 x64/x86 sp0 user or Server 2008 R2 x64 sp0 user, you should upgrade your system to Win7 x64/x86 sp1 or Server 2008 R2 x64 sp1 Win7 before installing the patches.
Please note that if you are Server 2008 x64/86 sp1, Vista x64/x86 sp0, or Vista x64/x86 sp1 user, you should upgrade your system to Server 2008 x64/86 sp2 or Vista x64/x86 sp2 before installing the patches.
A lot of people come across the "Your clock is ahead" error but their system time is correct. Most people who can't visit the site because of this prompt are encountering one of the two situations mentioned previously. No matter which situation you are in, you can add the "--ignore-certificate-errors" parameter to your chrome to bypass the prompt. If you are in situation 2 and want to fix the error, you need to replace the expired root certificate with the valid root certificate. If you encounter another situation making "Your clock is ahead" appear, please share it with me and other people by leaving your comment below.