thisisunsafe - how to bypass Chrome's ERR_CERT_INVALID warning
By Mike Street
TL:DR; If presented with a NET::ERR_CERT_INVALID Chrome error then focus the chrome window and type the letters thisisunsafe - the window should refresh with the website.
During a website prelaunch, you may wish to preview the new website on an existing domain. To do this, you can update your host file, flush the DNS cache and open your browser.
Side-note: If you are on a Mac you can do this with:
- Host file is here:
/etc/hosts - Flush the computer's DNS cache with:
sudo killall -HUP mDNSResponder - You may need to go to
chrome://net-internals/#dnsto flush Chrome's DNS
However, if the ne server is using a self-signed SSL certificate then you are often faced with something that looks like this:
Self-signed certificates occur when Let's Encrypt is used as the SSL provider. The most common way for Let's Encrypt to issue a certificate is to be able to access the website on the "live" domain name - which if you are previewing a new environment it won't be able to do. In which case, a self-signed certificate is often used.
Chrome, by default, prevents you from accessing sites with a self-signed or invalid SSL (blah blah, security) and, instead, displays the page shown above with no obvious way to bypass.
There is a way around this, however, by typing thisisunsafe.
It goes without saying (despite me now saying it), you should only do this if you trust the website and server. Using a Chrome extension like Website IP allows you to see which IP you are visiting to ensure it is trustworthy.
To use the "thisisunsafe" workaround
- Click the Chrome window to ensure it is active
- Type the letters thisisunsafe and wait
- The page should refresh with your website in view
Reference link: Chrome: Bypass NET::ERR_CERT_INVALID for development
