Why certificate expiry matters
An SSL certificate tells browsers that a site can use an encrypted connection for the domain shown in the address bar. When the certificate expires, browsers may block the page or show a warning. For customers, that feels like the site is broken even if the server is still online.
What to check
- The expiry date and time.
- The domain names covered by the certificate.
- The issuer and certificate chain.
- Whether the live site is serving the expected certificate.
Common mistakes
Teams sometimes renew a certificate but forget to install it on every server. Another common issue is renewing the main domain while missing a subdomain used by checkout, login, or an API. Check the exact hostname users visit.
Practical workflow
Run an expiry check, write down the renewal date, and add a reminder well before the certificate ends. If your site sits behind a proxy or CDN, check both the public edge and the origin setup when possible.
FAQ
Can a certificate expire during the day?
Yes. Expiry is time-based, not just date-based. Always check the exact time and timezone.
Does a valid certificate mean the website is safe?
No. It only confirms part of the encrypted connection story. It does not prove the site content or business is trustworthy.