What Happens When an SSL Certificate Expires?


In the grand scheme of things, SSL certificates have a relatively short lifespan. They can protect your website for just one year before expiring. The important thing is not to miss the expiration deadline. If the SSL certificate expires, prepare for the worst – the dreaded security warning message on your pages. In this article, we’ll show you what happens when an SSL certificate expires, and how to ensure that your website always remains secure.

But first, let’s answer one of the most common questions about SSL certs. Why do they expire in the first place and have such a short validity?


Table of Contents

  1. Why Do SSL Certificates Expire?
  2. What Happens When an SSL Certificate Expires?
  3. What Are the Risks?
  4. Can You Use an Expired Certificate?
  5. How to Keep Track of Your SSL Certificate Expiration Date?
  6. How to Avoid Certificate Expiry?
  7. 5 Times When Big Companies Let Their SSL Certificates Expire
  8. How to Renew an SSL Certificate?


Why Do SSL Certificates Expire?

SSL certificates are small digital files that encrypt and authenticate the connection between two computer applications. While the encryption can last for ages without ever being broken (yes, cracking SSL encryption is beyond human capacity), authenticating a certificate for eternity has never been an option.

The Internet is a fast-changing environment where one year is equivalent to 5 in the real world. Companies come and go, new trends emerge every day, and fresh regulations replace previous directives regularly. Back in the olden days, SSL certificates had a five-year validity, then it was shortened to three, two, and finally, set at just a one-year period.

Let’s get back to SSL authentication/validation and see why it plays a crucial role in determining the lifetime of an SSL certificate. A digital cert verifies the identity of a website or the company behind it. When a user inspects the certificate, they see who the issuer (Certificate Authority) and the receiving entity (Subject) are.

The information is always accurate and fairly up-to-date because of the one-year maximum certificate validity. However, companies can change names and owners, or go bankrupt and cease to exist. If a certificate didn’t expire, it would validate a potentially dead company as safe and genuine. Such a scenario is music to scammers’ ears, and with the cyber threats growing by the day, limited SSL validity is an efficient way to fight them.


What Happens When an SSL Certificate Expires?

Now that you know why SSL certificates expire, it’s time to look at the devastating effects of SSL certificate expiration. Yes, things are that serious, and you better learn from others’ mistakes. For instance, LinkedIn let one of its certificates expire twice in three years. This blunder not only put the social media company in a negative spotlight but ended up costing money.

When an SSL certificate expires but remains on your website’s server, all the web and mobile browsers will show the site as Not secure. The red security warning coming from indisputable authorities such as Chrome or Firefox will overshadow all your hard work. If you don’t address this issue as soon as possible, your traffic will plummet. Tech-savvy visitors will ignore the security warning and enter the site at their own risk, but the vast majority of your audience will switch to your competition.

So, what to do if the SSL certificate expired? If you can’t replace your expired certificate straight away, the next best thing you should do is remove it from your server and use the HTTP protocol. While Chrome and other browsers could still flag your site as not secure, you may get away with just the little warning next to your URL.


What Are the Risks?

An expired SSL certificate poses immediate security risks to the website running it. If you operate in different time zones, even a short outage can impact your customers. In the best-case scenario, it happens during slow hours, and you swiftly remediate the issue.

However, a few minutes without an HTTPS connection may be enough to carry out a man-in-the-middle attack and compromise your visitors’ sensitive data. You’re at the mercy of Lady Luck and could end up with a few disgruntled users or a data breach lawsuit. Either outcome is easily avoidable, but the latter could harm a business.

No matter how fast you renew your certificate, there’s still a time frame when you’re vulnerable to cyber-attacks. That’s why it’s imperative to do it well in advance. The risks of expired certificates could potentially incur financial losses and reputational harm beyond what a website can manage.


Can You Use an Expired Certificate?

Technically yes, but on a live website, no, because browsers won’t trust it and will flag your site as “Not Secure.” As a result, your visitors will use competitors’ sites, while you’ll struggle to establish trust with your audience.

An SSL certificate ensures that any data transmitted between a website and its visitors is encrypted. When a certificate expires, browsers can no longer verify the authenticity of a website. This inevitably leaves your website and visitors exposed to malicious attackers who could intercept and read the data.


How to Keep Track of Your SSL Certificate Expiration Date?

So how do you check whether an SSL certificate has expired and a security warning is greeting your website visitors? The quickest way is to inspect your SSL certificate directly from your browser. All you have to do is click the padlock next to the URL, go to Certificate, and check its expiration date in the General tab. You can set a reminder about the certificate renewal, but most CAs will send email notifications in advance so you don’t miss the deadline.

Another way to find the date when your SSL certificate expires is to log into your SSL account and check the “Next due date”. Simply click on the certificate you bought and scroll down until you see the validity period. With so many reminders, there are no excuses for missing the expiry date and compromising your website’s security.


How to Avoid Certificate Expiry?

Avoiding certificate expiration is easy if you take preventive measures and use proper certificate management. Your SSL provider will notify you via email about the SSL certificate expiry a few weeks in advance, so you’ll have plenty of time to update your certificate. Ensure the email you’ve provided during the SSL buying process is operational and you can access it. If you get push notifications on your smartphone, chances that you’ll miss the expiry date are slim.

If you manage multiple certificates across different systems and networks, monitoring their expiration could be tricky. To streamline the process, larger companies use certificate lifecycle management software that automates SSL renewal.

Finally, you can manually check when your SSL cert expires by clicking the padlock next to your website’s URL and expanding the certificate details. You can set a reminder in your calendar or make a mental note to renew your SSL. However, this approach is not advisable. With today’s information overload, you could easily forget about it.


5 Times When Big Companies Let Their SSL Certificates Expire

The recent history isn’t short of case studies when it comes to SSL expiration. From government websites to social media networks, and gaming apps, all are guilty of missing their SSL renewal deadline.

Below, we present five instances when big organizations let their SSL certificates expire:

  1. US Government Lets Dozens of Certs Expire During Shutdown. When Donald Trump and the Democrats refused to compromise on the Mexican wall funding, thousands of employees were furloughed for 30 days or longer. As a result, dozens of federal websites ranging from the U.S. Department of Justice to NASA saw their certificates expire. With no admins to renew the certs, several websites with tighter security standards became inaccessible. The whole debacle jeopardized users’ sensitive data and encouraged hackers to use man-in-the-middle attacks on affected sites.
  2. UK Conservative Party Lets SSL Certificate Expire. Across the Atlantic, in the British Isles, there were no shutdowns to disturb the usual flow of work. But it seems that Brexit has taken its toll not only on the politicians but on the system admins as well. In what a Twitter user labeled as “an embarrassing gaffe”, someone forgot to renew the UK’s Conservative Party’s SSL certificate. This is a prime example of how an avoidable security breach could damage a political party’s volatile reputation. As if Brexit was not enough, the Tories had to deal with “Certxit” too.
  3. An Expired SSL Certificate Takes Millions of Smartphones Down. Away from politics, in the tech world, which presumably should have far better security standards, Swedish telecommunications company Ericsson experienced a massive network outage that affected almost dozens of countries and took millions of smartphones down. The reason? An expired SSL certificate. A small digital file created chaos across the Ericsson network, with company representatives admitting that the incident was entirely preventable.
  4. LinkedIn Lets Its Certificates Expire Twice in Two Years. As if one SSL expiration is not enough to raise serious questions about a company’s security practices, social media giant LinkedIn topped the headlines twice for all the wrong reasons. First, certificate mismanagement let LinkedIn’s SSL cert for country subdomains expire; then, one year later, the expired SSL cert for the link shortener lnkd.in created outages in the UK and US. In both instances, the social media company swiftly renewed its certificates, but the downtime still affected not only its image but its customers and partners as well.
  5. Pokemon Go Suffers SSL Expiration Outages. When Pokemon Go took the gaming world by storm, millions of users worldwide hunted Pokemons in the most peculiar places. Popular as it was, one day the game went down because Niantic, the company behind it, forgot to renew their SSL certificates. While the outage lasted only half an hour, such a blunder shouldn’t happen at a large gaming company.

How to Renew an SSL Certificate?

SSL renewal involves getting a brand new SSL certificate and following the same steps you did the first time you bought it, including importing the new SSL files on your server. You can order the same SSL certificate or buy a different type. Moreover, you can even use the same CSR (Certificate Signing Request), but both CAs and we recommend generating a new CSR with updated contact data anytime you renew your certificate. Best of all, thanks to multi-year SSLs, certificate renewal and validation are much quicker.

The best practice is to renew your SSL cert as early as possible. You may start the renewal process within 30 days of the certificate’s expiration. This way, all your remaining days will transfer to the new cert. If you use a Domain Validation certificate, you can run it down to the last week before changing.

However, if you have a Business Validation or an Extended Validation certificate, we recommend renewing it much earlier, three to four weeks in advance. Even if the BV and EV validation is quicker during the renewal, in some rare cases, an EV certificate may take more than a week to validate. While this is highly unlikely, you’d better cover all possibilities.
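For sites with more than a handful of certificates, the browser padlock check and the lead times above can be turned into a scheduled check. The following is an added example, not code from this article or from any CA: the status names, the 28-day figure chosen for "three to four weeks", and the hostnames and dates in the sample inventory are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Lead times from the article: renewal opens 30 days before expiry; DV can wait
# until the last week; BV/EV need three to four weeks (28 days assumed here).
RENEWAL_WINDOW_DAYS = 30
LATEST_RENEWAL_DAYS = {"DV": 7, "BV": 28, "EV": 28}
X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate


def classify(not_after, validation, now):
    """Map a certificate's notAfter string to EXPIRED/RENEW_NOW/RENEWAL_OPEN/OK."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    remaining = expiry - now
    if remaining.total_seconds() < 0:
        return "EXPIRED"
    if remaining.days < LATEST_RENEWAL_DAYS[validation]:
        return "RENEW_NOW"
    if remaining.days < RENEWAL_WINDOW_DAYS:
        return "RENEWAL_OPEN"
    return "OK"


def check_host(host, validation, now, port=443, timeout=5.0):
    """Fetch the certificate a live server presents and classify it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"], validation, now)
    except ssl.SSLCertVerificationError as err:
        # A verifying client never gets to read notAfter from an expired
        # certificate: the handshake fails, so report that failure as EXPIRED.
        if err.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "EXPIRED"
        raise


if __name__ == "__main__":
    # Constructed inventory (hypothetical names and dates), checked offline.
    now = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)
    inventory = [
        ("shop.example", "DV", "Jun 11 12:00:00 2025 GMT"),
        ("pay.example", "EV", "Jun 11 12:00:00 2025 GMT"),
        ("old.example", "DV", "May 31 12:00:00 2025 GMT"),
    ]
    for name, validation, not_after in inventory:
        print(f"{name:14} {validation}  {classify(not_after, validation, now)}")
```

Run from a daily scheduler, `check_host` gives the same answer as the padlock check for every host in an inventory, and anything other than `OK` can be routed to whoever owns the renewal.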

As for the cost of renewal, if you bought the previous cert from us, the price will remain the same. You will even save money when ordering your certificate on a multi-year subscription. If you didn’t get your soon-to-expire SSL product from SSL Dragon, you have missed a trick. We offer the best prices on the market, much lower than hosting providers or domain registrars. Best of all, you get dedicated customer support around the clock from our SSL experts.


Conclusion

Now that you know what happens when an SSL certificate expires and how to prevent this potentially dangerous oversight, you can take all the necessary measures to protect your website and visitors from unwanted trouble. Web security heavily relies on uninterrupted data encryption. And, while SSL certs provide unbreakable protection, web administrators are responsible for their renewal, either manually or with automated software.

Frequently Asked Questions

Is an Expired SSL Certificate Still Encrypted?

When SSL certificates expire, the ongoing data from the website’s server to the user’s browser is still encrypted. However, browsers can’t verify the website’s authenticity and won’t establish a secure connection. On top of that, the expired certificate won’t feature in the CA’s CRL (Certificate Revocation List), becoming a potential time bomb if a hacker gains unauthorized access to it. Attackers can use expired certificates to impersonate the server and steal users’ data.


Should I Delete Expired SSL Certificates?

You should not delete the expired SSL certificate right away. SSL certificates contain critical information such as the validity period, the certificate authority (CA) that issued the certificate, and the public key used for encryption. Some compliance regulations may require you to keep expired SSL certificates for a certain period for auditing purposes. Microsoft also warns not to delete expired certificates as they are required for backward compatibility.


Can You Use HTTPS With an Expired Certificate?

Yes, it’s possible to use HTTPS with an expired certificate but it’s not recommended. An expired SSL cert can cause trust issues for users and even data breaches. There’s a reason all browsers issue a security warning when an SSL certificate expires – it becomes a loophole for attackers to exploit.


