Blog

How to Fix Windows 11 Expired Digital Certificate Error: Step-by-Step Guide

Windows 11 may sometimes show an “Expired Digital Certificate” error. This usually happens when the system or a specific application is trying to verify a certificate that is no longer valid. Certificates help keep your computer secure by ensuring that software and websites are trustworthy.

This error can prevent apps from running smoothly or stop important updates from installing. Fixing it involves updating or renewing certificates so Windows recognizes them as valid again.

In this guide, you will learn simple, step-by-step methods to resolve the expired digital certificate error on Windows 11. Each step is explained clearly, even if you have little technical knowledge.

By following these instructions, you can quickly restore your system’s security and functionality without frustration.

Quick Note Before You Begin

  • Make sure your Windows 11 system is connected to the internet. Many fixes require downloading updated certificates automatically.
  • Check your system date and time settings. Incorrect date/time can cause certificate errors.
  • Have administrator rights on your PC, as some steps require permission to make system changes.
  • Backup important data before making advanced changes, just to be safe.

Step 1: Verify and Correct Your System Date and Time

Incorrect system date or time is a common reason for digital certificate errors. Certificates are valid only during specific periods, so if your PC’s clock is wrong, Windows might think certificates are expired.

  1. Click on the Start button and select Settings.
  2. Go to Time & Language from the left menu.
  3. Click on Date & time.
  4. Toggle on Set time automatically and Set time zone automatically.
  5. If these are already on, click Sync now under Additional settings to force a time synchronization.

After correcting the date and time, restart your computer and check if the error still appears.

Step 2: Update Windows 11 to Get Latest Certificate Updates

Windows Update regularly delivers new security certificates and fixes. Updating your system can automatically resolve many certificate problems.

  1. Open Settings again and go to Windows Update.
  2. Click Check for updates.
  3. Allow Windows to download and install all available updates.
  4. Restart your computer after the update process completes.

This ensures your system has the latest trusted certificates and security patches.

Step 3: Manually Update the Expired Certificate

If a specific certificate is expired, you may need to manually replace it.

  1. Press Windows + R to open the Run dialog box.
  2. Type certmgr.msc and press Enter to open the Certificate Manager.
  3. In the left pane, navigate to Trusted Root Certification AuthoritiesCertificates.
  4. Look for certificates with an expiration date that has passed.
  5. Right-click the expired certificate and select Delete.
  6. Download the updated certificate from the official website of the software or certificate issuer.
  7. Double-click the downloaded certificate file and click Install Certificate.
  8. Choose Local Machine as the store location and select Place all certificates in the following store.
  9. Browse to Trusted Root Certification Authorities and complete the installation.

Restart your computer after the installation to apply the changes.

Step 4: Use Windows PowerShell to Refresh Certificates

PowerShell can force Windows to update and renew certificates automatically. This method is useful if manual steps do not work.

  1. Right-click the Start button and choose Windows Terminal (Admin).
  2. In the PowerShell window, type the following command and press Enter:
Invoke-WebRequest -Uri "https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab" -OutFile "$env:TEMPauthrootstl.cab"
  1. Next, run this command to extract and update certificates:
expand -F:* "$env:TEMPauthrootstl.cab" "$env:TEMPauthrootstl"
  1. Then import the certificates:
certutil -addstore -f "ROOT" "$env:TEMPauthrootstlauthroot.stl"

Restart your PC and see if the error is resolved.

Alternative Method: Reset Windows Update Components

If the certificate error is related to Windows Update, resetting its components may help.

  1. Open Windows Terminal (Admin).
  2. Type the following commands one by one, pressing Enter after each:
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:WindowsSoftwareDistribution SoftwareDistribution.old
ren C:WindowsSystem32catroot2 Catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver

These commands stop update services, rename update folders to reset them, and restart the services. After this, check for updates again.

FAQs

Why do digital certificates expire on Windows 11?

Certificates have expiration dates to ensure security by limiting how long they are trusted. Expired certificates can’t guarantee data integrity or authenticity, so Windows blocks them.

Can I ignore the expired certificate error?

It is not recommended to ignore this error as it can cause apps or updates to fail and may expose your PC to security risks.

How do I know which certificate is causing the error?

Usually, the error message or the application logs mention the certificate name. Using certmgr.msc helps you identify expired certificates.

Is it safe to delete expired certificates?

Yes, deleting expired certificates is safe and often necessary. Just be sure to replace them with updated certificates from trusted sources.

Will updating Windows automatically fix certificate errors?

Often, yes. Windows updates include new certificates and security fixes that resolve most certificate issues.

When Nothing Works

If the above steps do not resolve the problem, you can try these final options:

  • Run the Windows Troubleshooter for Update & Security via Settings → System → Troubleshoot.
  • Reset Windows 11 using the Reset this PC feature to repair system files without losing personal data.
  • Visit the official Microsoft support page: https://support.microsoft.com/en-us for professional help.
  • Consider contacting your device manufacturer or an IT professional for advanced assistance.

Conclusion

Expired digital certificate errors in Windows 11 can disrupt your workflow and block essential apps or updates. Most of the time, fixing your system’s date and time or updating Windows resolves the issue quickly.

If needed, manually replacing expired certificates or using PowerShell commands can refresh your certificate store. Resetting Windows Update components is another effective method for related problems.

Remember to always keep your system updated and maintain correct date/time settings to avoid such errors in the future. Following the steps in this guide will help you restore your computer’s security and smooth operation with minimal hassle.

Leave a Reply