Menu Show


Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (26 votes, average: 2.08)

A weak signature algorithm error is triggered by an SSL issue on the server and can only be fixed by the website owner or manager

If you’re here it’s probably because you’ve received a NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error while using Google Chrome to visit a website. Unfortunately, this “your connection is not private” error is not something that a user can fix, the problem is the website’s SSL certificate.


ERR_CERT_WEAK_SIGNATURE_ALGORITHM is a relatively uncommon error

While not all that common, the issue is that the SSL certificate in question was issued with an outmoded signature algorithm. A signature algorithm is a portion of what is called a cipher suite, which is essentially a group of algorithms that perform the encryption functions needed to secure a connection. In this case the SSL certificate was likely issued with the SHA-1 algorithm, which was deprecated in 2015.

Until the site owner re-issues their SSL certificate with a support signature algorithm, you shouldn’t use the site. (Basically, the site is using security technology that can be easily compromised by hackers.)


This is a simple fix, you’re going to need to re-issue your SSL certificate with the SHA-2 or SHA-256 hashing algorithm. Most CAs and SSL services give you the option to select while you’re ordering your certificate.

If it’s easier, you can just purchase a new SSL certificate that will automatically be issued with the SHA-256 hashing algorithm. Any SSL certificate purchased from our website is automatically issued with the latest algorithms and will fix a ERR_CERT_WEAK_SIGNATURE_ALGORITHM error message.

COMODO SSL Certificate

Save Up 75% On Comodo SSL Certificates

Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.
Compare SSL Certificates

If your certificate was purchased from us previously, simply access your control panel, choose to re-issue your SSL certificate. (We disabled SHA-1 a long time ago).