What to Do When Your SSL Certificate Expires

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 3.40 out of 5)

Don’t run, don’t hide. Everything is going to be OK when SSL certificate expired.

What do you do when your SSL certificate expired? This is a surprisingly common question. In fact, in our line of work it’s right behind, “what’s the difference between DV and EV?” and “How Does an SSL Certificate Work?

So, let’s talk about it.

What happens if ssl certificate expires. They’re not like Twinkies or Styrofoam, they have a shelf life. They used to last up to five years, then it was three. Soon it will be two. That means that your SSL certificate is going to expire every year or so. So, what do you do?

Simply, Renew! But before that, you need to know how to check SSL certificate expiration date. Use SSL checker tool to see the date of SSL certificate expiry.

Look, you honestly shouldn’t ever even let your certificate get to that point. It’s like letting your gas meter drop down to E before you fill up. Why risk it? I always fill up at half a tank. Sometimes three-quarters. You can’t be too safe. I’ve seen Deliverance – which is also why I never canoe – I know what goes on in the woods around here. I ain’t squealing like a piggy.

And that scene from Deliverance – you know the one – is actually a pretty apt description of how you’ll feel if you let your SSL certificate expired. [Editor’s Note: Really? Let’s move on, Carl…]

Anyway, before my shout out to Ned Beatty (if you don’t get these references, I assure you they’re all damn funny), the point I was making is you shouldn’t ever let your SSL certificate get that close to expiring. It’s patently irresponsible.

But, hypothetically, let’s say you did let it expire. What then? Well, your website is going to be flagged by the browsers as “Not Secure.” You won’t be able to establish encrypted connections, your website will get an interstitial warning about a bad certificate and your customers are going to hate you.

Ok, maybe that last part is an exaggeration. But letting your certificate expire does make a statement about your company. It says you’re not on top of things. It also says you don’t take security seriously. And neither of those are things you want your customers to take away.

Don’t Worry, We’ll Nag You (a Lot) About Renewing

So how do you know when you need to replace your SSL certificate? Well, if you bought your SSL certificate from us, we will send you a personalized email at certain intervals reminding you to renew.

Why so many emails? Well, for one, so you can’t come back and complain we didn’t notify you.

“You didn’t tell me my certificate was expiring!”

“Sir, we sent you seven emails.”

…stunned silence…

SSL Renewal
Andrew, our original intern, relaxing in our server room. RIP Andrew.

Anyway, the other reason is that we realize a lot of emails never get opened or end up in spam folders or GMail gets moody and decides not to deliver them. Regardless, we send a whole lot of them. We have a tiny intern, Theodore (his name is really Tom, but re-named him after the chipmunk), that lives in our server room and pumps these renewal emails out day and night (don’t worry, we feed him—when we remember).

The alternative to this, and the reality that non-RSO customers face is you have to keep track of it on your own. That’s not fun, it involves remembering order dates, regularly checking certificate details and trying to figure out when to renew on your own. Not to belabor the car metaphor, but it’s a lot like what trying to remember to change your oil would be like if you didn’t have a check-oil light. Sure you’ve got that sticker, but who pays attention to that? It’s easy to miss. And then your car breaks down and the engine drops and the mechanic laughs in your face for being so stupid. Or so I hear.

Anyway, let’s move on.

Renew ≠ Replace

Renewing your SSL certificate is fairly simple. You can renew up to three months before your certificate expires. And you can carry any time you had remaining on your old certificate over to the new one. Kind of like a prison sentence [Editor’s Note: This is a TERRIBLE comparison, Carl] So in reality, you could have a maximum certificate validity of 15, 27 or 39 months if you renew early enough.

Now, I’ll be straight with you, “renew” is kind of a misnomer. You’re actually replacing your old certificate with a new one. It doesn’t even have to be the same certificate, you can always upgrade or switch.

The benefit of “renewing” over just letting the certificate expire and buying a new one at that point is this: rather than start from scratch, you can reuse the same validation information for a renewal.

And that’s a huge deal because it means that you can get through the validation process more quickly. In some cases, instantly. It’s a lot like renewing a driver’s license. As long as your information is the same, you can pretty much just rubber-stamp it—renewal won’t be a problem. And if something did change, you just have to update the CA. New address? Different phone number? Just update the CA and voila! You’re on your way.

From there, it’s just a matter of installing it again, which you should be able to do considering you – or someone you work with – did it the first time.

There’s No Excuses

There’s really no excuse not to renew your SSL certificate on time. You wouldn’t let your business registration expire, you wouldn’t miss the due date for your taxes. No, you make sure to stay on top of anything that could affect your business. Well, this is one of those things.

Customers are more discerning than ever these days. They expect protection. Failing to provide it can be devastating to business. I can’t say this any more clearly. Don’t wait… renew!

Stay Cautious, My Friends.

How to Renew an SSL Certificate – The Ultimate Guide