SSL & HTTPS
SSL Certificate
Your SSL certificate encrypts traffic and proves your domain identity. Expired or invalid certs block your site completely.
critical severityWhat is this?
An SSL/TLS certificate does two things: it encrypts traffic between your server and visitors (so no one can read it in transit), and it proves your server actually controls yourdomain.com (not an impersonator). Browsers show the padlock icon when the certificate is valid.
Certificates expire - typically every 90 days for Let's Encrypt or 1-2 years for commercial CAs. When they expire, browsers show a full-page warning that blocks most users from accessing your site.
Why it matters
An expired or invalid SSL certificate:
- Blocks your site entirely. Chrome, Firefox, and Safari show a full-page red warning. Most users click "Go back" rather than proceed.
- Destroys trust. Even technical users see "Your connection is not private" and worry about a breach.
- Hurts SEO. Google penalizes sites with certificate errors.
How to fix it
- Check certificate expiry:
openssl s_client -connect yourdomain.com:443 | openssl x509 -noout -dates - Enable auto-renewal in your hosting dashboard (see providers below)
- If renewal failed, check that your domain's DNS still points to your host (A/CNAME records)
- For custom servers, ensure your Let's Encrypt certbot cron job is running:
certbot renew --dry-run - Set a calendar reminder 30 days before expiry as a backup
Providers & tools
| Host | Auto-renewal | Action |
|---|---|---|
| Vercel | Automatic | Nothing needed - managed for you |
| Netlify | Automatic | Nothing needed - managed for you |
| Cloudflare | Automatic | SSL/TLS → Overview → enable "Full (strict)" |
| Railway | Automatic | Check domain settings for cert status |
| Render | Automatic | Managed - check Settings → Custom Domains |
| Custom VPS | Manual | Use certbot with cron: 0 0 * * * certbot renew |
Check if your domain has this issue