Let’s talk!

What to Do When Your SSL Certificate Expires

A practical guide on what happens when an SSL certificate expires, how to restore HTTPS correctly and what to check after renewal.

What to Do When Your SSL Certificate Expires

When an SSL certificate expires, a website can suddenly look broken to visitors. Instead of opening the page normally, the browser may show a security warning and stop people before they reach your services, catalog, contact form, checkout or payment page.

For a business, this is not just a small technical issue. It can lead to lost inquiries, interrupted sales, lower trust and wasted advertising budget. A person who sees a warning like “Your connection is not private” will often leave the website immediately, even if the business itself is reliable.

The main problem is that SSL is often treated as a one-time setup. It is installed when the website is launched, the HTTPS icon appears in the browser, and then everyone forgets about it. But every SSL certificate has an expiration date. If renewal is not configured correctly, the website may start showing errors at the worst possible moment.

In this article, we will explain what to do when your SSL certificate expires, how to understand the cause of the problem, how to restore HTTPS and what to check afterward so the issue does not happen again.


What an expired SSL certificate means

An SSL certificate allows a website to work through HTTPS. It helps protect the connection between the visitor’s browser and the server, especially when forms, logins, orders, payments or personal data are involved.

When the certificate expires, the browser can no longer confirm that the connection is safe. As a result, users may see warnings such as:


  • “Your connection is not private”;
  • “NET::ERR_CERT_DATE_INVALID”;
  • “SEC_ERROR_EXPIRED_CERTIFICATE”;
  • “This site is not secure”;
  • “The certificate has expired or is not yet valid.”

For a developer, this is a clear technical signal. For a regular customer, it looks like the website is unsafe. Even if the website has not been hacked, the visitor may not continue.


Why an SSL certificate may expire

An SSL certificate can expire for several reasons. Sometimes the certificate was not renewed in time. Sometimes automatic renewal was configured, but it stopped working after server changes, DNS changes, hosting migration or updates in the website infrastructure.


Common causes of SSL expiration

The issue may happen when:


  • the paid certificate was not renewed;
  • automatic renewal failed;
  • the website was moved to another server;
  • DNS records were changed;
  • the domain was connected to Cloudflare or another CDN;
  • the server configuration was updated;
  • Nginx or Apache was not reloaded after renewal;
  • the certificate was issued only for one version of the domain;
  • the certificate chain was installed incorrectly.

For example, the website may have a valid certificate for example.com, but not for www.example.com. To the website owner, SSL may look renewed. To the visitor, one version of the domain may still show a warning.


What to do first when the website shows an SSL error

The worst thing to do is wait. If your website already shows a browser warning, every visit from Google, ads, social media, email or messengers may turn into a lost lead.


1. Check whether the SSL certificate has actually expired

Not every HTTPS warning means that the certificate has expired. The problem may be caused by an incorrect certificate chain, a mismatch between the certificate and the domain, server configuration issues, mixed content or CDN settings.

First, check:


  • the certificate expiration date;
  • the domain the certificate was issued for;
  • whether both www and non-www versions are covered;
  • whether subdomains are included;
  • whether the certificate chain is valid;
  • whether the error appears in different browsers;
  • whether the website opens correctly on desktop and mobile.

If the error appears on different devices and browsers, the issue is most likely on the website or server side.


2. Find out where SSL is managed

The next step is to understand where the certificate is controlled. It may be managed through hosting, a VPS server, Cloudflare, a control panel, Certbot or a separate certificate provider.

On simple hosting, SSL can often be renewed through the hosting panel. On a VPS or dedicated server, it may be installed manually, through Certbot, or as part of a custom server configuration.

If the website has a more complex setup, it is better not to randomly change settings in the hosting panel. An incorrect action can break redirects, domain configuration, HTTPS rules or even access to the website.

When the issue is connected with server configuration, domain settings or business-critical pages, proper website technical support is often safer than trying to fix everything blindly.


3. Renew or reissue the SSL certificate

If the certificate has really expired, it needs to be renewed or reissued. The exact process depends on the type of SSL certificate.

For free automated certificates, the first thing to check is whether automatic renewal is working. If it failed, the certificate can usually be reissued manually, but it is important to fix the renewal process so the same problem does not return later.

For paid certificates, you usually need to renew the certificate, confirm domain ownership and install the new certificate on the server. Buying or renewing SSL is not enough by itself. The certificate must be correctly installed where the website actually runs.


4. Reload the web server and check the website

After the new certificate is installed, the server must use it. Sometimes the certificate files are updated, but Nginx or Apache still serves the old certificate because the configuration was not reloaded.

After renewal, check:


  • the homepage;
  • service pages;
  • blog pages;
  • contact forms;
  • checkout and payment pages;
  • admin panel;
  • subdomains;
  • www and non-www versions;
  • all language versions of the website.

This is especially important for multilingual websites, online stores and websites with several subdomains. The error may not appear everywhere, but only on one version of the domain.


Why the website may still show an SSL error after renewal

Sometimes the certificate has already been renewed, but the website still shows a warning. In this case, the issue is usually deeper than just the expiration date.


The certificate chain is incomplete

SSL certificates often require intermediate certificates. If the full chain is not installed correctly, some browsers may not trust the website. This can be more noticeable on older devices, mobile browsers or specific operating systems.


The certificate does not cover all domain versions

If your website is available through several domain versions, the certificate must cover all important ones.

For example:


  • site.com;
  • www.site.com;
  • ua.site.com;
  • shop.site.com;
  • other subdomains.

If one version is missing, users may still see a warning when they open that address.


Cloudflare or CDN is configured incorrectly

If your website uses Cloudflare or another CDN, SSL may work on two levels: between the visitor and Cloudflare, and between Cloudflare and your server.

If one of these levels has an expired certificate, wrong SSL mode or incorrect configuration, the website may show a security warning, redirect endlessly or open inconsistently.


The server is still using the old certificate

This happens when the new certificate is issued but the web server was not reloaded. The files may be correct, but visitors still receive the old expired certificate.


Redirects are not configured correctly

After restoring SSL, you should check HTTP-to-HTTPS redirects. The website should open through one main version of the domain. If some pages open through HTTP, others through HTTPS, and some through www, this can create duplicate versions, redirect chains and SEO issues.


How an expired SSL certificate affects SEO

An expired SSL certificate does not always cause an immediate ranking drop. But it can damage accessibility, user trust, conversion rates and organic performance.

If visitors cannot open the page normally, they may return to search results and choose another website. If important pages remain unavailable for too long, search engines may also have trouble crawling them.

This is especially risky for websites that receive traffic from:


  • Google Search;
  • Google Ads;
  • social media;
  • email campaigns;
  • marketplaces;
  • partner links;
  • local search.

You may continue paying for traffic while users cannot safely access the website. That means the business loses both money and potential customers.


What to check in Google Search Console

After restoring SSL, check Google Search Console to see whether the issue affected important pages.

Pay attention to:


  • indexing issues;
  • crawl errors;
  • drops in clicks and impressions;
  • important URLs that became unavailable;
  • sitemap accessibility;
  • page experience warnings;
  • sudden changes in traffic.

If the SSL issue lasted only a short time, the damage may be minimal. But if the website showed warnings for several days or weeks, a broader technical audit is a good idea.


What online stores should do when SSL expires

For an online store, SSL is critical. Customers enter their names, phone numbers, delivery details and sometimes payment information. If the browser shows a warning, trust drops immediately.

After renewing SSL, an online store should check the full purchase path:


  1. product pages;
  2. add-to-cart function;
  3. cart page;
  4. checkout;
  5. delivery selection;
  6. payment gateway;
  7. order confirmation;
  8. email notifications;
  9. CRM or messenger integrations.

If SSL broke because of server migration, domain changes or CDN configuration, other parts of the website may also be affected. Delivery APIs, payment callbacks, webhooks and CRM integrations should not be ignored.


Can you temporarily turn off HTTPS?

Technically, a website can be opened through HTTP, but this is a poor solution for a business website. Browsers may still show warnings, users will not see the connection as secure, and forms or payments should not work through an unprotected connection.

In some cases, disabling HTTPS will not help at all. If the website previously used HSTS, browsers may force HTTPS and refuse to open the HTTP version normally.

Instead of trying to bypass the problem, it is better to restore SSL correctly.


How to prevent SSL expiration in the future

After the website starts working again, the next step is prevention. If you simply renew the certificate without understanding why renewal failed, the same problem may happen again.


What should be configured

The best solution is automatic renewal and monitoring. For a VPS or custom server, you should check whether the renewal task works, whether the server has access to the required validation path, and whether firewall, DNS or web server settings block renewal.

It is also useful to set reminders before the certificate expires. Even if renewal is automatic, a manual check 14–30 days before expiration can help catch issues early.

A basic technical maintenance checklist should include:


  • SSL monitoring;
  • uptime monitoring;
  • domain and hosting renewal control;
  • backups;
  • CMS, plugin or dependency updates;
  • form testing;
  • payment testing;
  • redirect checks;
  • Google Search Console monitoring.

If the website regularly has technical issues, it is better to have a developer review it before something breaks, not only after customers start seeing errors.


SSL error or another website problem?

Website owners often call any technical issue “an SSL problem”. But not every website error is related to the certificate.

An SSL error is connected with the secure HTTPS connection. If the website does not open at all, the cause may be server downtime, DNS issues, expired domain, database error, hosting limits or broken code.

If only some pages do not work, the issue may be caused by routing, CMS settings, redirects, plugins, caching or application logic.

For example, in a Next.js project, the problem may be connected with middleware, server-side rendering, API routes or deployment. In WordPress, OpenCart or WooCommerce, it may come from plugins, theme updates, cache or incorrect URL settings.

That is why the correct approach is not just “renew SSL”. The whole technical chain should be checked: domain, DNS, server, HTTPS, redirects, forms, checkout and key website functions.


When to contact a specialist

If your website is on simple shared hosting and the hosting panel has a clear SSL renewal button, you may be able to solve the issue yourself.

But there are situations where it is better to contact a specialist:


  • the website runs on a VPS or dedicated server;
  • Nginx, Apache, PM2, Docker or Node.js is used;
  • the website is connected to Cloudflare;
  • there are several domains or subdomains;
  • the website has multiple language versions;
  • online payments are connected;
  • CRM, delivery or third-party APIs are used;
  • the error remains after renewal;
  • redirects behave incorrectly;
  • you do not know where the certificate is installed.

In these cases, the problem may be in the server configuration, not just in the certificate. A wrong fix can create new issues: broken redirects, unavailable admin panel, duplicate website versions or checkout problems.


Checklist after SSL renewal

After SSL is restored, check whether the website is truly stable.

Make sure that:


  • the website opens through HTTPS without warnings;
  • HTTP redirects to HTTPS;
  • the main domain version is selected correctly;
  • www and non-www versions work properly;
  • forms submit correctly;
  • checkout and payment work;
  • subdomains do not show warnings;
  • there are no mixed content errors;
  • sitemap is available;
  • Google Search Console does not show critical errors;
  • automatic SSL renewal is configured.

A green lock in the browser is not the final goal. The real goal is that users can safely open the website, leave an inquiry, place an order or contact your business without technical barriers.


Conclusion

When an SSL certificate expires, the website is not necessarily hacked or broken, but it looks unsafe to visitors. That is enough to lose trust, leads and sales.

The correct process is simple: check the cause of the error, renew or reissue the certificate, install it on the server, verify all domain versions, check redirects, test forms and payment, and configure automatic renewal.

For a business website, SSL should not be treated as a minor technical detail. It is part of website stability, trust and lead generation. If HTTPS stops working, the issue should be fixed quickly and properly.


FAQ

What happens when an SSL certificate expires?

When an SSL certificate expires, browsers can no longer confirm that the website connection is secure. Users may see a warning and may not be able to access the website normally.


What should I do if my SSL certificate has expired?

First, check the certificate expiration date and the domain it was issued for. Then renew or reissue the certificate, install it on the server, reload the web server if needed and test the website through HTTPS.


Why does my website still show an SSL error after renewal?

The server may still be using the old certificate, the certificate chain may be incomplete, the certificate may not cover all domain versions, or Cloudflare/CDN settings may be incorrect.


Does an expired SSL certificate affect SEO?

Yes, it can. If users and search engines cannot access pages normally, the website may lose traffic, trust and conversions. A short issue may not cause serious damage, but a long-lasting SSL problem can hurt organic performance.


Can I use my website without SSL?

For a modern business website, this is not recommended. Without HTTPS, users may see warnings, forms look less trustworthy, and payments or personal data should not be handled through an unsecured connection.


How do I know that SSL is configured correctly?

The website should open through HTTPS without warnings, HTTP should redirect to HTTPS, all domain versions should work correctly, forms and payments should function, and SSL checks should not show critical errors.


How can I prevent SSL from expiring again?

Set up automatic renewal, add SSL monitoring, check domain and hosting status, and schedule regular technical reviews. For business websites, SSL should be part of ongoing maintenance, not a one-time setup.

Author:

 Taras Sydorovych

Updated: 5/28/2026

You may also be interested in

Why does a website load very slowly or not open at all?

Why does a website load very slowly or not open at all?

A slow or unavailable website can lose leads, sales, trust, and SEO visibility. In this article, we explain the most common reasons why a website takes too long to load, what can break after updates or migration, and when it is time to involve a technical specialist.

How to Write Product Descriptions That Sell

How to Write Product Descriptions That Sell

Learn how to write product descriptions for an online store: structure, SEO, examples, photos, videos, trust factors, and common mistakes.

404 Error: Why a Page Disappears and How It Affects SEO

404 Error: Why a Page Disappears and How It Affects SEO

A 404 error is not always a disaster for SEO. But when important pages disappear, internal links break, redirects are missing, or old URLs remain in Google, a simple technical issue can turn into lost traffic, weaker indexing, and fewer inquiries.