Author Topic: Getting NET::ERR_CERT_INVALID privacy error  (Read 2253 times)

0 Members and 1 Guest are viewing this topic.

Offline mconcordia15

  • Newbie
  • *
  • Posts: 4
Getting NET::ERR_CERT_INVALID privacy error
« on: November 09, 2022, 01:35:07 AM »
I recently started getting the above error when trying to log into my 2 different on-line banking sites.  Now I get the same error trying to go to homedepot.com site (not trying to log it to anything, just to bring up the site.

I did try shutting off Avast and then was able to visit the site, so it seems to have something to do with Avast.  Another clue may be that with Avast on, I can visit the site on using a Firefox browser.

The 'advanced' buttom on error page gives this text "www.homedepot.com normally uses encryption to protect your information. When Chrome tried to connect to www.homedepot.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.homedepot.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit www.homedepot.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later."


This had never been a problem until a few days ago.  Any ideas?

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2758
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #1 on: November 09, 2022, 12:08:54 PM »
Hi,

Can you try to disable HTTPS scanning and see if it makes a difference? https://support.avast.com/article/use-antivirus-https-scan/#pc
 If not, disable Web Shield.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89643
  • No support PMs thanks
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #2 on: November 09, 2022, 02:02:33 PM »
I tried a connection using Firefox to see it is was a local issue. 

There appears to be some issued with homedepot.com in that it is trying to load http page when the browser is trying to access secure https pages.  See attached screenshot one of the error screen. 

Also see - https://en.internet.nl/site/homedepot.com/1769119/ - this reports issues: "using a modern internet address (IPv6)" see screenshot two.
I don't know if this might be the route of the problem or not.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mconcordia15

  • Newbie
  • *
  • Posts: 4
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #3 on: November 09, 2022, 06:01:44 PM »
I was able to disable the HTTPS scanning and that worked.  But is it riskyt to not use the scanning?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89643
  • No support PMs thanks
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #4 on: November 09, 2022, 07:55:22 PM »
I was able to disable the HTTPS scanning and that worked.  But is it riskyt to not use the scanning?

After disabling the https scanning and you were able to connect to the site, was the connected url http (not https as in my first screenshot) ?

Whilst it is not advisable to disable https scanning, if the site is actually connecting to an http page/source I believe connection is still scanned by the Web Shield, but the connection isn't as secure. This could increase risk of the connection being compromised as the data transmitted isn't as secure.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2758
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #5 on: November 10, 2022, 12:12:38 PM »
I was able to disable the HTTPS scanning and that worked.  But is it riskyt to not use the scanning?

"When enabled, the HTTPS scan protects your system against the malware delivered over HTTPS connections. When disabled, File Shield still scans all downloaded content before running any files."

Can you please provide a support file ID? https://support.avast.com/en-ww/article/submit-support-file/

Offline mconcordia15

  • Newbie
  • *
  • Posts: 4
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #6 on: November 11, 2022, 01:51:51 AM »
Thanks R@vast.  The site still shows up as https://homedepot.com.  I'm generating a support file now.  Does it usually take a long time (it's been going for 10 minutes now)...


Offline mconcordia15

  • Newbie
  • *
  • Posts: 4
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #7 on: November 11, 2022, 03:50:11 AM »
The support file ID is  EJU9H

Offline chris...

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3041
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #8 on: November 11, 2022, 12:03:21 PM »
I was able to disable the HTTPS scanning and that worked.  But is it riskyt to not use the scanning?
at the same time as your ticket with avast, can you try to disable only "QUIC/HTTP3 scanning" (leaving "HTTPS scanning" checked).

Offline Bidzsi

  • Newbie
  • *
  • Posts: 1
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #9 on: November 12, 2022, 03:30:16 PM »
I have the same problem. Some web pages are complaining for HTTPS certificate , because of the issuer. The issuer is "Avast root ca".
It is only on Chrome browser, Edge can open that pages.
Removing and reinstalling the Chrome extension hasn't solved it.

I have disabled the Quic/HTTP3 module and the problem is solved.

Offline chris...

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3041
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #10 on: November 12, 2022, 05:30:31 PM »

I have disabled the Quic/HTTP3 module and the problem is solved.
thanks for this feedback, it's already a little better than disabling the "https scanning"
in "about:config" (firefox), you can also try to change "network.http.http3.enabled" to "false"

maybe some sites are now using this new protocol and some browsers and antivirus are not yet fully developed for ???
« Last Edit: November 12, 2022, 05:33:17 PM by chris.. »

Offline andy32

  • Newbie
  • *
  • Posts: 1
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #11 on: November 14, 2022, 06:34:12 PM »
[/img]
Hi,

Can you try to disable HTTPS scanning and see if it makes a difference? https://support.avast.com/article/use-antivirus-https-scan/#pc
 If not, disable Web Shield.

I had the same problem which started a week or so ago with PAYPAL - see attachment. CHROME refused to connect siting "scrambled credentials" - which seem to come from Avast. If I disable HTTPS Scan, Chrome opens Paypal no problem. Note that MS Edge works with or without HTTPs Scan enabled. Is this an @Avast update problem whcih needs fixing? It's damned annoying.

Please would someone update when this issue is resolved? I can see others struggling with major retailers etc (e.g. Home Depot) so it needs fixing!  :)


Chrome details:

Your connection is not private
Attackers might be trying to steal your information from www.paypal.com (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
Subject: www.paypal.com

Issuer: Avast Web/Mail Shield Root

Expires on: 13 Apr 2023

Current date: 14 Nov 2022
« Last Edit: November 14, 2022, 06:36:25 PM by andy32 »

Offline tylerg

  • Newbie
  • *
  • Posts: 1
Re: Getting NET::ERR_CERT_INVALID privacy error
« Reply #12 on: November 15, 2022, 09:22:29 AM »
I'm having the exact same issue with a ton of common sites, all of which are using https.

https://www.homedepot.com/
https://www.redfin.com/
https://www.bofa.com/

This is nuts. I've had to disable Web Shield to visit regular websites, no idea why this is suddenly happening. Disabling "QUIC/HTTP3 scanning" did not solve the issue but also disabled HTTPS Scanning did.

Certificate Info says the following-
Common Name (CN)   Avast Web/Mail Shield Root
Organization (O)   Avast Web/Mail Shield
Organizational Unit (OU)   generated by Avast Antivirus for SSL/TLS scanning
Issued On   Thursday, August 25, 2022 at 11:12:00 AM
Expires On   Friday, August 25, 2023 at 11:12:00 AM