What Happens When Your SSL Certificate Expires (in Plain English)
You got an email. Your SSL certificate is expiring soon. Or maybe it already expired and now your website is showing a scary red warning instead of your homepage.
Either way, you're here because you want to understand what's happening, what it's costing you, and how to fix it. In language that makes sense.
Let's start with what SSL actually is.
What SSL is, without the jargon
SSL is what puts the little lock icon next to your website's address in the browser. The lock means the connection between your visitor's browser and your website is private. Nobody snooping on the wifi at the coffee shop can read what's being sent.
For a small business website, SSL matters even if you don't take credit cards or collect sensitive info. Modern browsers treat any website without SSL as suspicious. They show warnings. They scare customers away.
The "certificate" part is the technical file that proves your site has SSL. Like a passport, it has an expiration date. When it expires, the lock goes away and the warnings begin.
What your customers see when SSL expires
This is the part that costs you money. When your SSL certificate expires, here's what visitors see depending on their browser:
Chrome: A full-screen warning that says "Your connection is not private" with a giant red warning triangle. To proceed, the visitor has to click "Advanced" and then "Proceed to yoursite.com (unsafe)." Most customers will not do this.
Safari: A pop-up that says "Safari can't verify the identity of yoursite.com." Visitors get an option to "Cancel" or "Continue." Most click Cancel.
Firefox: A red-shielded warning that says "Warning: Potential Security Risk Ahead." The visitor has to click "Advanced" and then "Accept the Risk and Continue."
In every case, the message is clear: the browser thinks something is wrong with your site, and the visitor should leave.
What that actually costs you
Customers don't read the warning. They don't try to figure out what SSL is. They don't think "oh, this site probably just has an expired certificate." They think "this site might steal my information" and they leave.
A few real consequences:
- Walk-away rate: roughly 80% of visitors who hit an SSL warning leave immediately. They don't come back.
- Google rankings drop: Google deprioritizes sites with broken SSL in search results. You may stop appearing for searches you used to rank for.
- Form submissions stop: even if visitors stay, browsers may block JavaScript from a "not secure" site, breaking your contact forms, online ordering, or anything dynamic.
- Trust damage: even after you fix it, customers who saw the warning may not return.
The shorter version: an expired SSL is expensive. Every hour the warning is showing is hours of lost business.
How to fix it
The fix depends on where your SSL came from.
If your host provides SSL (most common): log into your hosting control panel (cPanel, Plesk, the SquareSpace or Wix dashboard, whatever you use). Look for a section called "SSL/TLS" or "Security." Most hosts have a one-click renewal button. Click it. SSL is usually restored within minutes.
If you use Cloudflare: SSL renewals are automatic. If yours expired, log into Cloudflare and check the SSL/TLS tab to see what's wrong. Usually a setting needs to be flipped.
If you bought a paid SSL certificate from a vendor: log into that vendor and renew it from your account. Then upload the new certificate to your host. Many vendors have step-by-step guides.
If you don't know where your SSL came from: call your hosting company. They can tell you and usually fix it.
How to prevent this from happening again
SSL expiry is one of the most preventable causes of small business website outages, and yet it happens constantly. Here's how to stop it from happening to you:
Option 1: Use a host that auto-renews SSL. Most modern hosts (SquareSpace, Wix, Shopify, WordPress.com, Cloudflare, most major hosting companies) auto-renew SSL by default. If you're with one of these, you usually don't need to do anything.
Option 2: Set calendar reminders. If you have a paid SSL certificate, add reminders to your calendar 60, 30, and 7 days before the expiration. Renew on the 60-day reminder so there's buffer.
Option 3: Monitor it. This is what KeepPaw does. We check your SSL every day and email you 30, 14, and 7 days before expiration with what's expiring and what to do. No calendar reminders. No surprise red warnings. Run a free check on your site at keeppaw.com/check to see where yours stands.
Common questions
Does an expired SSL mean my site was hacked?
No. SSL expiration is a normal scheduled event, not a security breach. It just means the certificate's annual (or shorter) validity period ended.
Can I just take SSL off my site?
Technically yes, but you shouldn't. Modern browsers flag every site without SSL as "Not Secure." The warnings are slightly less scary than an expired SSL warning, but they're still bad for business.
How long does an SSL certificate last?
Most SSL certificates are valid for either 1 year or 90 days. Free SSL (like Let's Encrypt, used by most modern hosts) is typically 90 days but renews automatically.
My host says they renewed SSL but the warning is still there. What now?
Try clearing your browser cache and reloading. If the warning persists, the new certificate may not be properly installed. Contact your host again and ask them to verify the SSL is correctly applied to your domain.
How to make sure you're not the next victim
Most owners only find out their SSL expired when a customer complains. By then, you've already lost business.
KeepPaw is a website watchdog built for small business owners. We check your SSL every day. We email you 30, 14, and 7 days before it expires, in plain English, with what's expiring and how to renew it. You won't get blindsided.
Run a free check on your site at keeppaw.com/check. You'll see your SSL status in 60 seconds, no signup required. If your certificate is close to expiring, we'll tell you exactly how many days you have. ๐พ
Worried about your own site? Run a free 1-minute check โ uptime, SSL, domain & more, in plain English. ๐พ