What is an SSL certificate?

An SSL certificate encrypts the connection between a visitor's browser and your server. It is what makes HTTPS work and shows the padlock icon in the address bar.

What happens when an SSL certificate expires?

Browsers show a full-screen security warning that blocks visitors from reaching your site. Most visitors will not click through the warning, so your site is effectively offline.

How do I get a free SSL certificate?

Let's Encrypt provides free SSL certificates. Most hosting providers offer one-click SSL setup through Let's Encrypt or their own certificate authority.

← Blog

How to Fix SSL Certificate Issues

security Jan 29, 2026 2 min read

What the SSL certificate check tests

SiteCurl examines your SSL certificate when connecting over HTTPS. It checks three things: whether the certificate is valid, whether it has expired, and whether it is close to expiring (within 30 days). The check also records the certificate issuer and expiry date.

Why it matters

An expired SSL certificate triggers a full-screen browser warning that blocks visitors from reaching your site. The warning says “Your connection is not private” and most visitors will leave immediately. Search engines also stop indexing pages behind expired certificates.

Even if the certificate is still valid, one that expires in a few days is a ticking time bomb. If renewal fails or is forgotten, your site goes down without warning.

How to fix it

Renew an expired certificate

If you use Let’s Encrypt:

sudo certbot renew --force-renewal
sudo systemctl reload nginx  # or apache2

For other certificate providers, reissue through your CA’s dashboard and install the new certificate on your server.

Set up auto-renewal

The best fix is to never let a certificate expire again. Most hosting providers and Let’s Encrypt handle this automatically. If you manage your own server:

# Add a cron job for automatic renewal
echo "0 0 1 * * certbot renew --quiet && systemctl reload nginx" | sudo crontab -

Check certificate validity

If SiteCurl flags your certificate as invalid (not just expired), the issue may be:

Wrong domain: The certificate was issued for a different domain than the one being served
Incomplete chain: Intermediate certificates are missing
Self-signed: The certificate is not from a trusted authority

Fix by reissuing the certificate for the correct domain and ensuring the full certificate chain is installed.

How to verify the fix

Visit your site in a browser and check for the padlock icon. Run a SiteCurl scan to confirm the SSL certificate finding passes. You can also check from the command line:

echo | openssl s_client -connect yoursite.com:443 2>/dev/null | openssl x509 -noout -dates

SSL certificates work with HTTPS enforcement and HSTS. A valid certificate enables HTTPS, and HSTS ensures browsers always use it.

Start a free trial to monitor your SSL certificate status.

More on security

How to Fix Missing Security Headers

security Mar 3, 2026

How to Secure Cookies with HttpOnly, Secure, and SameSite

security Feb 12, 2026

How to Fix Mixed Content Warnings on HTTPS Sites

security Feb 11, 2026

Check your site for security gaps

Scan for HTTPS issues, missing headers, mixed content, and more.

Start 7-Day Studio Trial

No credit card required.

← Back to blog