Defaults.Exposed

Defaults.Exposed › Reports

My SSL Certificate Expired — Why It Happens and How to Fix It (2026)

Published 2026-07-01

Figures as of 2026-06-29 · methodology v7. Aggregate census data across 261 million graded domains. A certificate is “invalid” when it’s expired, self-signed, or issued for a different name — anything that makes the browser distrust it. See how we grade.

A certificate error means the browser can’t trust the padlock — so it warns the visitor before your page loads. It’s more common than you’d think: of the 197 million domains presenting a certificate, 8.21% — that’s 16,920,535 domains — serve one the browser rejects. The most frequent cause is the simplest: the certificate expired and renewal didn’t happen. Here’s why it fails and how to fix it for good.

Why certificates fail

Certificates are short-lived by design (often 90 days) and must be renewed automatically. When something breaks that cycle, visitors hit a warning. The common causes:

Only after a valid certificate is in place does the HTTPS padlock clear — and just 78.02% of all domains serve HTTPS at all.

What it costs while it’s broken

How to fix a certificate error

  1. Reissue the certificate — free from Let’s Encrypt; most hosts and CDNs issue and install one for you.
  2. Cover every hostname you use — include both the bare domain and www (and any subdomains), or use a wildcard.
  3. Install the full chain — serve the intermediate certificate, not just the leaf, so browsers can verify it.
  4. Automate renewal — this is the real fix. ACME clients (and most managed hosts) renew silently so you never expire again. See fix certificate errors.
  5. Redirect HTTP to HTTPS so no one lands on the unencrypted version. See fix HTTPS.

Frequently asked questions

Why did my SSL certificate expire? Certificates are deliberately short-lived and must auto-renew. When renewal fails — a broken cron job, a changed DNS record, a lapsed manual process — the certificate expires and the site shows a warning.

How do I fix an expired certificate? Reissue it (free via Let’s Encrypt or your host), install the full chain covering every hostname, and automate renewal so it can’t lapse again.

Is a self-signed certificate OK for a public site? No — browsers don’t trust it and will warn every visitor. 20.0% of invalid certificates are self-signed. Use a certificate from a trusted authority; it’s free.

Does an expired certificate hurt SEO? Yes indirectly — HTTPS is a ranking signal and the warning drives visitors away, raising bounce and losing conversions.

How much does fixing it cost? Nothing. TLS certificates are free and renewal is automatable. It’s a configuration fix, not a purchase.

Check your certificate free

See whether your certificate is valid, complete, and correctly chained — privately, and owner-only.

Check your domain → · Fix certificate errors → · “Your connection is not private” → · How we grade → · Aggregate data only. Data stored and processed in the EU.