How to Fix an Expired SSL Certificate Error

If you try to visit a site (or your own site) and are blocked by a huge browser warning that says "Your connection is not private" or "NET::ERR_CERT_DATE_INVALID," this is almost always due to an expired SSL certificate. Your site is still "UP," but browsers are actively blocking users from it for security reasons.

What Is an SSL Certificate?

An SSL certificate is a tiny data file that enables an encrypted connection between a web server and a browser. It's what puts the "S" in "HTTPS" and displays the padlock icon in your browser's address bar. This ensures that all data passed between you and the website (like passwords or credit card numbers) remains private and secure.

These certificates don't last forever. They are issued for a specific period (usually 3 months to 1 year) and **must be renewed** to remain valid. When a certificate is not renewed, it expires, and browsers show a security warning.

How to Fix an Expired SSL Certificate (For Site Owners)

This is a server-side problem that only the website owner can fix. Fortunately, it's usually very easy.

1. Check Your Host's SSL/TLS Settings

The vast majority of modern web hosts (such as Bluehost, HostGator, Kinsta, and WP Engine) provide free, automatic SSL certificates through Let's Encrypt. Sometimes, this automatic renewal process can fail.

  • Log in to your hosting control panel (cPanel, Plesk, or a custom dashboard).
  • Navigate to the "SSL/TLS" or "Security" section.
  • Find your domain in the list. It will likely show an "Expired" status.
  • There is usually a button to "Renew," "Re-issue," or "Run AutoSSL." Click it.

In 90% of cases, this will run the renewal process and install the new certificate, and your site will be back online within 5-10 minutes (you may need to clear your browser cache).

2. If You Have a Paid SSL Certificate

If you purchased a premium SSL certificate (e.g., from Comodo or DigiCert), you must manually renew it with that provider. They will typically email you reminders before it expires.

  • Log in to your account with the SSL provider.
  • Pay for the renewal of your certificate.
  • They will send you new certificate files (.crt, .ca-bundle).
  • You must then go back to your web host's SSL/TLS section and manually install this new certificate.

3. If You Use Cloudflare or Another CDN

If you use a proxy service like Cloudflare, you have two SSL certificates to manage:

  • Client-to-Cloudflare: This is the certificate browsers see. This is usually managed by Cloudflare under their "SSL/TLS" tab and is often automatic.
  • Cloudflare-to-Server: This encrypts the connection from Cloudflare to your web host. If *this* certificate on your server expires, Cloudflare can't connect, and your site will go down. You must renew the certificate on your host *first*, as described in Step 1.
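
Because automatic renewal can fail silently (Step 1) and a CDN can hide the state of the certificate on your own server (Step 3), a scheduled expiry check is worth having. The following Python script is an added example, not from the original article or any host's tooling; the 14-day threshold, the `connect_to` parameter (used to dial the origin server directly while still requesting your hostname) and the sample dates are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 14  # assumed alert threshold; not a value from the article


def days_remaining(not_after, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    """Map a notAfter string (getpeercert() format) to a monitoring status."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW_SOON" if left < warn_days else "OK"


def check_host(hostname, connect_to=None, port=443):
    """Fetch the certificate served for `hostname` and classify it.

    connect_to: optional address to dial instead of resolving `hostname`,
    e.g. the origin server behind a CDN (hypothetical parameter).
    """
    ctx = ssl.create_default_context()  # normal verification stays on
    try:
        with socket.create_connection((connect_to or hostname, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL verify code 10 is X509_V_ERR_CERT_HAS_EXPIRED
        if exc.verify_code == 10:
            return "EXPIRED"
        return "INVALID: " + exc.verify_message
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed sample values; no network access needed for this demo.
    now = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
    for sample in ("Jun 10 12:00:00 2025 GMT", "Mar  8 12:00:00 2025 GMT",
                   "Feb 28 12:00:00 2025 GMT"):
        print(sample, "->", classify(sample, now))
```

Run `check_host("your-domain.example")` from a cron job or monitoring system and alert on anything other than `OK`; the script keeps certificate verification enabled and reports an expired certificate from the verification error rather than by disabling checks.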

What to Do as a Visitor

There is nothing you can do to fix an expired certificate. **Do not click "Proceed anyway."** This bypasses the security warning and means any data you send to that site (like a login) could be intercepted. The only solution is to wait for the site owner to renew their certificate.