SSL CertificatesTrust solutions
GOGETSSL CLOUD CODE SIGNING CERTIFICATE
354.17$ Starting at
  • No hardware tokens/HSMs
  • No shipping = no delays
  • Integrate with cloud platforms
  • 1000 signings, one user seat
VULNERABILITY SCANNER WITHOUT COMPROMISES
25.00$ Basic Quick-Scan
  • OWASP Top 10 Scanning
  • Multi Page Web Applications
  • REST API & JavaScript Scan
  • Set it up in minutes
NEW FLEX SSL FEATURE AVAILABLE
72.00$ Starting at
  • Protect up to 250 domains
  • Wildcard domains
  • Single and sub-domains
  • Public IP addresses
ROBUST AND MODERN WAY TO IDENTIFY COMPANY
49.00$ Billed annually
  • Registered companies
  • Non Profit, Funds and Trusts
  • Government entities
  • Sole Proprietors/Individuals
Home Wiki Problems & Issues How to Fix ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

How to FIX ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

  • Usage of "Public Key Pinning" may bring difficulties and your say may stop opening in Chrome browser. Usually, that happens after the renewal of an SSL certificate. In this case, the time chosen by the administrator could exceed the time of expiration of the certificate, or its renewal.

    As a result, the visitor of the website would receive error NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN​ like on the screenshot below.

    err_ssl_pinned_key_not_in_cert_chain

    HSTS is HTTPS Strict Transport Security. This setting forces the browser to always use HTTPS for a particular site. This is done with special instructions from the web server that serves the site. As an additional layer of security, HPKP - HTTP Public Key Pinning can be used. This setting allows the webmaster to specify which public key associated with the SSL certificate is good. The visitor browser will save these parameters for the time specified in the web server settings.

    Sometimes something goes wrong, webmasters make mistakes when configuring servers, as a result of this, the site becomes inaccessible. In this case, you can manually delete the associated keys manually in the browser settings. This will not work if the keys are downloaded to the browser in advance (for example, Facebook). In this case, updating the browser may help.

    • 1

      Solution: Removing a fixed HSTS key

      Fortunately, possible problems can be solved quite simply, just remove the key from the HSTS database of the Google Chrome browser.

      1. Paste that text chrome://net-internals/#hsts to your browser's address bar;
      2. Submit problematic domain name to "Delete domain security policies" and click "Delete";
      3. Retry visiting the website.
      err_ssl_pinned_key_not_in_cert_chain2
    • Conclusion

      • Webmasters: Please, stop pinning your keys!
      • Visitors: Use Chrome function to remove HSTS key

Fast Issuance within 3-5 minutes

Get a Domain Validation SSL certificate within just 5 minutes using our friendly and automated system. No paperwork, callback or company required.

Price Match 100% Guarantee

Found a better price? We will match it - guaranteed. Get the best possible price in the World with us. The correct place to save your money.

Free SSL 90-day for free

Try 90-day Trial SSL Certificate before the real purchase to test cert's functionality. 99.9% browser and mobile support. Free reissues.

Money Back 30-day guarantee

Customer satisfaction is our major concern. Get a full refund within 30 days for any purchase of SSL certificates with 100% guarantee.

Speed up SSL issuance

GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.

1,422,468+Total LEIs issued
224+Jurisdictions supported