critical SSL/TLS

Expired SSL Certificate

The SSL certificate has expired. Browsers show a "Not Secure" warning and may block access to the site.

Severity
critical
Time to Fix
15-60 minutes
Difficulty
easy
OWASP
A02:2021 — Cryptographic Failures

What is Expired SSL Certificate?

SSL certificates expire (typically after 90 days, 1 year, or 2 years). An expired certificate causes browsers to display a prominent "Your connection is not private" warning, which drives away visitors and destroys trust. Let's Encrypt certificates expire every 90 days and require automated renewal.

Why It Matters to Your Business

An expired SSL certificate immediately blocks most visitors — browsers show a red warning page. E-commerce sites lose all sales; lead-gen sites lose all conversions; SaaS sites lose all logins. The damage continues until the certificate is renewed. Search engines may also drop rankings.

How to Fix It

Renew the certificate immediately:

1. Identify your certificate authority (Let's Encrypt, DigiCert, Sectigo, Cloudflare, etc.)
2. Renew via your CA's dashboard or CLI:
   - Let's Encrypt: certbot renew
   - Cloudflare: automatic (check Cloudflare dashboard)
   - Paid CA: log in to their portal and renew
3. Install the renewed certificate on your server
4. Set up automated renewal:
   - Let's Encrypt: add to crontab: 0 0,12 * * * certbot renew --quiet
   - Or use a monitoring service (like 2MNY Security's monitoring) to alert before expiry
5. Restart your web server: systemctl restart nginx (or apache2)

Technical Classification

OWASP CategoryA02:2021 — Cryptographic Failures
CWE IDCWE-295: Improper Certificate Validation
Detected Byssl scanner(s)
Severity Levelcritical

Check if your website has this vulnerability

Our ssl scanner checks for this issue automatically.

Scan My Website Free

Related Vulnerabilities