← Knowledge

Expired SSL certificate: immediate steps and what it means for SEO

An expired SSL certificate makes your site inaccessible to visitors and Google. What to do immediately — and how to never miss it again.

What happens immediately

When your SSL certificate expires, the browser shows every visitor a red security warning ("Your connection is not secure"). Most people click away — conversions drop instantly. And Googlebot, too, only crawls a page with an invalid certificate in a limited way, or not at all.

Immediate actions

1. Renew the certificate. With Let's Encrypt: run certbot renew (and check why the auto-renewal didn't kick in). For purchased certificates: reissue with the provider and install it.
2. Reload the web server (e.g. systemctl reload nginx) so the new certificate becomes active.
3. Check that the site loads again via https:// without a warning — including www and subdomains.

Why auto-renewal sometimes fails

Let's Encrypt is supposed to renew automatically — but the cron job was disabled, port 80 needed for validation was blocked, or a configuration change broke the renewal hook. The tricky part: you only notice once the certificate has already expired — which is to say, exactly when it's too late.

How to never miss it again

You need a warning before the certificate expires — not after. Canary checks the remaining validity of your certificate every day and warns you in good time (well before expiry) when things get tight. That way you have days of lead time instead of a red warning on Monday morning.