SSL Certificate Expiry (SSL Expiry)

Security Glossary - SSL/TLS

Definition: SSL certificate expiry refers to the date after which an SSL certificate is no longer valid. When a certificate expires, browsers display prominent security warnings and may block access to the site entirely. Modern certificates from public CAs have a maximum validity of 398 days (13 months), while Let's Encrypt certificates expire after 90 days.

Why SSL Expiry Matters

Expired SSL certificates are one of the most common causes of website outages and security warnings. When a certificate expires, every visitor to your site sees a full-page warning that the connection is not secure. Most users will not click through this warning, effectively making your site inaccessible.

For sites with HSTS enabled (which instructs browsers to always use HTTPS), an expired certificate is even more damaging. The browser will refuse to connect at all - there is no option to bypass the warning. This means an HSTS-enabled site with an expired certificate is completely down until the certificate is renewed.

Certificate expiry monitoring is essential. Set up automated alerts well before expiration (30 days, 14 days, 7 days). Better yet, use automated renewal with ACME/Certbot for Let's Encrypt certificates, which handles renewal automatically when the certificate is within 30 days of expiry. For manually managed certificates, add calendar reminders and monitoring checks.

How to Test for SSL Expiry

An SSL checker shows your certificate's exact expiration date and how many days remain. Set up monitoring to check this regularly. Many monitoring services can alert you weeks before expiration. If your certificate is from Let's Encrypt, verify that your ACME client's automatic renewal is functioning.
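The check described above, as an added example that is not part of the original page or any vendor's tooling: a small Python monitor that reads a certificate's notAfter date and maps the days remaining to the 30, 14 and 7 day alert points. The function names and the sample dates are assumptions made for illustration; the connection verifies the chain, so an already expired certificate surfaces as a verification error rather than a date.

```python
import socket
import ssl
from datetime import datetime, timezone

# Alert thresholds in days, taken from the text (30, 14, 7).
THRESHOLDS = (30, 14, 7)

def days_remaining(not_after, now):
    """Whole days between `now` (aware UTC datetime) and a notAfter string
    in the format returned by SSLSocket.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def alert_level(days):
    """Map days remaining to the tightest threshold crossed, or None."""
    if days < 0:
        return "expired"
    crossed = [t for t in THRESHOLDS if days <= t]
    return f"{min(crossed)}-day" if crossed else None

def fetch_not_after(host, port=443, timeout=5.0):
    """Return the leaf certificate's notAfter string from a live server.
    A verifying context is used, so an already expired (or otherwise
    invalid) certificate raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(host, now=None):
    """Return (host, days remaining or None, alert level or error text)."""
    now = now or datetime.now(timezone.utc)
    try:
        days = days_remaining(fetch_not_after(host), now)
    except ssl.SSLCertVerificationError as exc:
        return host, None, f"invalid: {exc.verify_message}"
    except OSError as exc:
        return host, None, f"unreachable: {exc}"
    return host, days, alert_level(days)

if __name__ == "__main__":
    # Constructed sample values; no network access is needed for this part.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for not_after in ("Jun 11 12:00:00 2024 GMT", "May 30 12:00:00 2024 GMT"):
        d = days_remaining(not_after, now)
        print(not_after, d, alert_level(d))
```

Run `check("your.hostname")` from a scheduler and alert on any non-None third element; an "invalid" result deserves the same urgency as "expired", because visitors see a warning either way.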

Real-World Example

In 2020, Microsoft Teams experienced a multi-hour global outage because an authentication certificate expired without being renewed. The expired certificate prevented users worldwide from signing in. The root cause was a manual renewal process with no automated monitoring.

Frequently Asked Questions

What happens when my SSL certificate expires?
Browsers display a full-page security warning that deters most visitors. For HSTS-enabled sites, the browser blocks access entirely with no bypass option. Search engines may also stop indexing HTTPS pages with expired certificates.

How do I prevent certificate expiry outages?
Use automated certificate management with Let's Encrypt and Certbot, which renews certificates automatically. For manually managed certificates, set up monitoring alerts at 30, 14, and 7 days before expiry. Test renewal processes before they are needed.