Website ‘certificates’ are timestamped and are only valid for a specific amount of time. If your computer sees a certificate that is wildly different from its clock, it will assume the certificate is fake and block the website for your safety.

Your computer checks for valid security keys on websites it opens. One of the things it checks right away is if the security key is up to date. If it’s from a date that your computer thinks is way in the future, it won’t open and it gives you a warning that also includes the very likely suggestion that it isn’t the security key that has a very wrong date, it’s your computer.

Computers rely on a few things being true or agreed upon by both/all computers on the network (group who is trying to talk to each other). Requiring the time to be the same for both of them is an easy way to finally check/guarantee that these other agreements happen too. At this point most of them are security but some of these agreements have existed before the internet existed.

SSL certificates are valid for a year. If you’re running your pc with a date outside that range it will consider the key to not be valid and block you from continuing.

Adding to what’s been said, this can be a tricky one to troubleshoot.

We had issues where I worked with some users being able to sign in, but getting immediately kicked back to the login screen.

Eventually found a user who was having the problem and was willing to get on a video conference call.

Turned out his PC was set to Pacific time (the default out of the box for Windows), but the clock was set manually to the time in Eastern.

When he signed in the server would tell the browser how long his session was good for.

The time he got back was for an hour later in Eastern time.

So if it was 1pm EST, it would expire at 2pm.

With the way his computer was set up, 1pm PST was effectively 4pm EST, so his browser thought his session had already expired and he needed to sign in again.

One thing that no one else seemed to mention is that there was a recent push by web browsers to prefer secure connections and use HTTPS to try to better protect people’s information online.

So maybe ten years ago, secure connections for “normal” pages weren’t that common, but they were for ones where you entered credit card info or other important information. Nowadays, most connections use secure connections.

Suppose Alice and Bob came up with a secret language for talking to each other. As long as nobody figures out their secret language, everything is peachy, right? Not quite.

One day, Eve the Hacker sees Alice say something to Bob in their secret language, and then Bob says something back and hands Alice some money. A month later, the same thing happens. Eve has no idea what either of them said, but the next month, she records what Alice says to Bob. Then she waits another month, dresses up as Alice, walks up to Bob, and plays the recording.

To Bob, it sounds like his roommate “Alice” (who is actually Eve in disguise) is asking him for his half of this month’s rent. “Alice” is speaking the secret language, and nobody but Alice and himself should know it, so it must be Alice, right? So Bob hands her the rent money, and Eve runs off with it. The real Alice shows up a couple hours later, asks Bob for his half of the rent, and they both realize they’ve been scammed.

So they change the protocol: Now any time they start talking in the secret language, they say the current date first, also in the secret language. That way if Alice says “May 1, 2024. Could you please give me your half of this month’s rent?” and Eve records it and plays it back to Bob on June 1, Bob knows something’s not right. The downside is that now if Bob sets his watch wrong and he thinks it’s May 1, 2025 when it’s actually May 1, 2024, he’s going to think the real Alice is a scammer too.

In this analogy, Bob is your computer, Alice is the website, the rent money is your password/credit card info/etc., and Eve the Hacker is, well, a hacker. And the months are more like minutes or even seconds.