ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

Category: SSL / TLS Errors | Platforms: Chrome, Android

What This Error Means

The ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN error occurs when HTTP Public Key Pinning (HPKP) fails. The website has previously told the browser to only accept a specific public key (pin), but the certificate currently presented by the server does not match that pin. This protects against certificate misissuance but can lock users out if misconfigured.

Common Causes

  • The website owner rotated their SSL certificate but forgot to update the pins.
  • The backup pin was not deployed correctly.
  • A Man-in-the-Middle (MITM) attacker is presenting a fake certificate.
  • The browser has cached an old pin that is no longer valid.

How to Fix It (For Users)

  1. Clear your browser cache and HSTS/HPKP settings (chrome://net-internals/#hsts).
  2. Wait for the pin cache to expire (if set with a short max-age).
  3. Contact the site owner.

For Site Owners / Developers

  1. Ensure your new certificate matches one of the pinned keys.
  2. Always have a backup pin for a separate key pair.
  3. Stop using HPKP (it is deprecated) and switch to Certificate Transparency (CT) monitoring.
  4. If locked out, you may need to wait for the `max-age` to expire for users.
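
The pin comparison behind items 1 and 2, as an added Python example (not code from this page or from Chrome): a pin is the base64 SHA-256 of a key's DER SubjectPublicKeyInfo, and a client accepts the connection only if at least one key in the served chain is in its cached pin set. The SPKI byte strings, the header value, and the `check_rotation` helper are constructed for illustration; in practice the SPKI bytes come from your real certificates.

```python
import base64
import hashlib
import re

def spki_pin(spki_der):
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header):
    """Return (set of pin-sha256 values, max-age in seconds or None)."""
    pins = set(re.findall(r'pin-sha256\s*=\s*"([^"]+)"', header, re.I))
    age = re.search(r'max-age\s*=\s*"?(\d+)', header, re.I)
    return pins, (int(age.group(1)) if age else None)

def check_rotation(header, new_chain_spkis):
    """Compare a previously served pin set with the chain about to be deployed."""
    pins, max_age = parse_hpkp(header)
    chain_pins = {spki_pin(s) for s in new_chain_spkis}
    matched = pins & chain_pins
    return {
        "accepted": bool(matched),  # at least one chain key must be pinned
        "matched": sorted(matched),
        "backup_pins": sorted(pins - chain_pins),  # pinned keys not in this chain
        # Worst case: a client that cached the pins just before the rotation.
        "lockout_seconds": 0 if matched else (max_age or 0),
    }

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
OLD_LEAF = b"constructed-spki-old-leaf"
BACKUP_KEY = b"constructed-spki-backup"
UNPINNED_KEY = b"constructed-spki-unpinned"
INTERMEDIATE = b"constructed-spki-intermediate"

# Constructed Public-Key-Pins header: the old leaf key plus one backup key.
HEADER = ('pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains'
          % (spki_pin(OLD_LEAF), spki_pin(BACKUP_KEY)))

if __name__ == "__main__":
    # Rotating onto the backup key: still accepted by clients holding the pins.
    print(check_rotation(HEADER, [BACKUP_KEY, INTERMEDIATE]))
    # Rotating onto a key that was never pinned: clients reject until max-age ends.
    print(check_rotation(HEADER, [UNPINNED_KEY, INTERMEDIATE]))
```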

When It Is NOT Your Fault

As a user, the error is not your fault when the site owner has mismanaged their key pinning strategy.
