Skip to main content
SSL Certificate Expired — What to Do
Security SSL Troubleshooting

SSL Certificate Expired — What to Do

Overview

When an SSL certificate expires, browsers immediately display a full-screen warning: “Your connection is not private” or “This site can’t provide a secure connection.” Most visitors will not click through. For a contractor website, an expired SSL certificate effectively takes the site offline — not because it is down, but because no one will risk visiting it. Revenue stops immediately.

Why SSL Certificates Expire

SSL certificates have a fixed validity period — currently a maximum of 398 days for certificates issued by trusted authorities. They must be renewed before expiry. Certificates expire because:

  • auto-renewal failed silently (hosting account expired, payment method lapsed, DNS change broke the renewal challenge)
  • the certificate was manually issued and no renewal reminder was acted on
  • the site was migrated to a new host without transferring or re-issuing the certificate
  • a Let’s Encrypt certificate’s ACME renewal challenge failed due to a server configuration change

How the Problem Appears

  • browser shows “NET::ERR_CERT_DATE_INVALID” or “Your connection is not private”
  • padlock icon replaced with a warning triangle in the browser address bar
  • some visitors see a full red warning page before the site loads
  • HTTPS stops working; HTTP may still load but triggers a redirect loop or mixed content errors
  • search rankings drop as Google re-crawls and encounters the certificate error

How It Is Diagnosed

  • visit the site in a browser and check the certificate error message — it will state the expiry date
  • check the certificate details by clicking the warning icon in the browser address bar
  • use an SSL checker tool to confirm expiry date and certificate chain validity
  • log in to the hosting control panel or certificate provider dashboard to check renewal status

Typical Fix

Immediate steps:

  1. Log in to the hosting control panel (cPanel, Plesk, or the hosting provider’s dashboard)
  2. Navigate to SSL/TLS settings and renew or reissue the certificate
  3. For Let’s Encrypt certificates, most hosts have a one-click renew option; if auto-renewal failed, trigger it manually
  4. If the certificate was issued through a commercial provider (Sectigo, DigiCert), complete the renewal through their portal and reinstall the certificate

After renewal:

  • verify HTTPS loads correctly across the full site
  • check that HTTP redirects to HTTPS without errors
  • confirm there are no mixed content warnings (HTTP resources loaded on an HTTPS page)

To prevent recurrence:

  • enable auto-renewal in the hosting control panel
  • set a calendar reminder 30 days before expiry
  • use a monitoring service that alerts on certificate expiry before it happens

Technical Website Support

An expired SSL certificate needs to be renewed the same day it is discovered. If the renewal process is failing due to a hosting or DNS configuration issue, technical support can identify and resolve the underlying cause.