In the grand scheme of things, SSL certificates have a relatively short lifespan. They can protect your website for up to two years before expiring. The imperative thing is to not miss the expiration deadline. If you don’t renew your certificate on time, prepare for the worst – the dreaded security warning message on your pages. In this article, we’ll show you what happens when an SSL certificate expires, and how to ensure that your website always remains secure. But first, let’s answer one of the most common questions about SSL certs. Why do they expire in the first place and have such a short validity?
Why do SSL certificates expire?
SSL certificates are small digital files that encrypt and authenticate the connection between two computer applications. While the encryption can last for ages without ever being broken (yes, cracking SSL encryption is beyond human capacity), authenticating a certificate for eternity has never been an option.
The Internet is a fast-changing environment where one year is equivalent to 5 in the real world. Companies come and go, new trends emerge every day, and fresh regulations replace previous directives regularly. Back in the olden days, SSL certificates had a 5-year validity, then it was shortened to three, and now it is set to a maximum of two years. Furthermore, Google is pushing for a one-year SSL validity, while some open-source certificates last only three months.
Let’s get back to the SSL authentication/validation and see why it plays a crucial role in determining the lifetime of an SSL certificate. A digital cert verifies the identity of a website or the company behind it. When a user inspects the certificate, it sees who the issuer (Certificate Authority) and the receiving entity (Subject) are.
The information is always accurate and fairly up-to-date because of the 27-month maximum certificate validity. However, companies can change names, owners, or go bankrupt and cease to exist. If a certificate didn’t expire, it would validate a potentially dead company as safe and genuine. Such a scenario is music to scammers’ years, and with the cyber-threats growing by the day, limited SSL validity is an efficient way to fight them.
What happens when an SSL certificate expires?
Now that you know why SSL certificates expire, it’s time to look at the devastating effects of SSL certificate expiration. Yes, things are that serious, and you better learn from other’s mistakes. For instance, LinkedIn let one of its certificates expire twice in three years. This blunder did not only put the social media company in a negative spotlight, but ended up costing money.
When an SSL certificate expires but remains on your website’s server, all the web and mobile browsers will show the site as Not secure. The red security warning coming from indisputable authorities such as Chrome or Firefox will overshadow all your hard work. If you don’t address this issue as soon as possible, your traffic will plummet. Tech-savvy visitors will ignore the security warning and enter the site on their own risk, but the vast majority of your audience will switch to your competition.
If you can’t replace your expired certificate straight away, the next best thing you should do is remove it from your server and use the HTTP protocol. While Chrome and other browsers could still flag your site as not secure, you may get away with just the little warning next to your URL.
How to keep track of your SSL certificate expiration date?
So how do you avoid waking up one morning and seeing the SSL security warning on your beloved website?
The quickest way is to inspect your SSL certificate is directly from your browser. All you have to do is click the padlock next to the URL, go to Certificate and in the General tab check its expiration date. You can set a reminder about the certificate renewal, but most CAs will send via email server notifications in advance so you don’t miss the deadline.
Another way to find the date when your SSL certificate expires is to log into your SSL account and check the “Next due date”. Simply click on the certificate you bought and scroll down until you see the validity period. With so many reminders, there are no excuses to miss the expiry date and compromise your website’s security.
How to renew an SSL certificate?
The best practice to renew your certificate is as early as possible. You may start the renewal process within 90 days of the certificate’s expiration. This way, all your remaining days will transfer to the new cert. If you use a Domain Validation certificate, you can run it down to last week before changing.
However, if you have a Business Validation or an Extended Validation certificate, we recommend renewing it much earlier, three-four weeks in advance. Even if the BV and EV validation is quicker during the renewal, in some rare cases, an EV certificate may take more than a week to validate. While this is highly unlikely, you better cover all possibilities.
As for the cost of renewal, if you bought the previous cert from us, the price will remain the same. You will even save money when ordering your certificate for multiple years. If you didn’t get your soon to expire SSL product from SSL Dragon, you have missed a trick. We offer the best prices on the market, much lower than hosting providers or domain registrars. Best of all, you get dedicated customer support around the clock from our SSL experts.