Expired certificate
What this means
An expired SSL certificate means the website’s security no longer works, leading to ‘not secure’ warnings for visitors, data being transmitted without encryption, and potential loss of user trust and revenue.
Why this is a problem
An expired SSL certificate poses significant risks including security vulnerabilities, browser warnings, loss of customer trust, negative SEO impact, and potential compliance issues.
When an SSL certificate expires, this can lead to:
- data interception – an expired certificate means the connection is no longer secured with HTTPS, leaving sensitive data exposed to hackers and malicious actors
- browser warnings – users might see warning messages such as ‘your connection is not private’ discouraging them from proceeding and causing immediate distrust
- cascading failures – for applications and scripts that rely on the certificate, an expiration can trigger a 404 error or cause a cascading failure of downstream services
- website downtime – in some cases, an expired certificate can cause unexpected outages, impacting business operations and revenue
- reputational damage – the loss of trust and negative user experiences can cause lasting damage to a brand’s reputation
- lowered SEO ranking – search engines may miss a site with an expired SSL certificate, leading to a decrease in organic search traffic
- compliance issues – an expired certificate can result in compliance failures and potential fines
How to check if the problem is there
The most common ways of checking an expired certificate is to:
- visit the site and look for an insecure page message
- double click the padlock symbol or site information button on your web browser
- use an SSL checker service such as Hardenize or DigiCert to check the certificate validity and chain of trust
How to fix this
To resolve an expired certificate, contact your certificate authority and request a new valid certificate and install it.