Tell Me When Down
How it worksWhat we checkPricing
BlogFree toolsCompareDocs
Log inGet started
All posts
Shipping securely on a budget

Website down from an expired SSL certificate

July 18, 2026·5 min read
A weathered padlock on a dark iron gate — the certificate that secures a site, lapsed.

Your site was fine yesterday. Today every visitor hits a full-page red warning — NET::ERR_CERT_DATE_INVALID — and turns around. The server's up, the code's fine, nothing crashed. Your SSL certificate expired, and to a browser that's indistinguishable from dangerous.

An expired certificate is one of the most avoidable outages there is — it's a known date on a calendar — and one of the most common, because the thing that's supposed to renew it fails silently. Here's why it takes the whole site down, and why it's about to get easier to walk into.

Why an expired cert is a full outage

A certificate is how the browser verifies it's really talking to your site over an encrypted connection. Once it expires, the browser can no longer trust that, so it refuses to load the page at all and shows an interstitial warning instead. There's no "continue anyway" a normal visitor will click — for practical purposes, you're down.

This isn't a degraded experience or a broken image — it's a hard stop for every visitor at once, with a warning that reads like your site is compromised. Trust damage on top of downtime.

"But it auto-renews"

Most certificates are set to renew automatically, which is exactly why expiry still catches people: auto-renewal is a background job, and background jobs fail silently. The renewal hook breaks, a DNS check fails, an API token expires, the service that runs it gets disabled — and nothing tells you. The first signal is the outage itself.

And the window is shrinking fast

This is about to bite harder. The maximum lifetime of a TLS certificate is being cut dramatically over the next few years, so certificates expire — and need renewing — far more often than they used to.

398 → 200d
max cert lifetime drops in March 2026
100 days
the cap in 2027
47 days
the cap from March 2029
45 days
Let's Encrypt's shorter option, down from 90

More renewals means more chances for a silent renewal failure to slip through. A manual reminder that worked when certs lasted a year becomes unworkable at 47 days.

Check your expiry date now

You can see exactly when your certificate expires — and how many days that leaves — in seconds:

free tool · no loginSSL expiry checkPaste your domain and see the exact certificate expiry date and days remaining, so a lapse never surprises you. No login.

If it's already showing the warning

If you're reading this because the warning is already up: renew or reissue the certificate and make sure the new one is installed on every host and load balancer serving the domain. Then confirm it's live. For the wider "my site is down" playbook, see my website is down — how to fix it.

The fix that survives a broken auto-renewal

Because the failure mode is silence, the fix is a watch that doesn't rely on your renewal working. A monitor checking the certificate from outside sees the expiry date creeping up and warns you days before it lapses — so a dead renewal job becomes an email, not a red screen your customers find first.

Never get taken down by a date you could see coming.

Join Tell Me When Down free and we'll watch your certificate from outside your stack. If a renewal quietly fails, you get an email days before it expires — not a full-page browser warning discovered by a user.

Watch my certificatefree · no card required
more on shipping securely on a budget
The website launch security checklist nobody hands youYou get a deploy button, not a checklist — so most sites launch with the cert valid and nothing else checked. The four things to test from your URL in seconds, plus the code-side items that cost the most.My website says "Not Secure" — what it means and how to fix itThe "Not secure" label looks like a hack but usually isn't — it means your site isn't using HTTPS properly. Here's what the browser is really saying, and the common causes in plain language, fixed one by one.What are security headers? A plain-English guideSecurity headers tell the browser how to behave safely — refuse HTTP, block framing, don't guess file types. Here's what each of the ones that matter actually does, and why almost every new site ships without them.How to add security headers in Next.js (including CSP)Next.js sends no security headers by default. The static ones are a config block; the hard part is a CSP that helps without blocking your own scripts. Here's the nonce approach, the report-only trick, and the version caveat.SSL certificate expiry monitoring: why the calendar reminder failsA calendar reminder assumes your renewal works. But auto-renewal is a background job that fails silently, and cert lifetimes are dropping to 47 days by 2029. Here's why manual SSL tracking breaks, and what to monitor instead.Secure, HttpOnly, SameSite: the cookie flags that matterThree small flags — Secure, HttpOnly, SameSite — decide whether your session cookie is a locked token or the easiest thing to steal on your site. Here's what each closes, and how to check which your cookies set.

spot something wrong or out of date? [email protected] — we'll fix it

Tell Me When Down

Uptime and security monitoring for people who'd rather ship than babysit servers. We watch so you can sleep.

product
How it worksWhat we checkPricingDocsBlogFAQ
free toolsWebsite security scanSupabase pause checkRender sleep checkMixed content checkerSecurity headers checkCookie security checkSSL expiry check
comparevs UptimeRobotvs Better Stackvs PingdomFor indie hackers
company
StatusAbout our botSupportPrivacyTerms
© 2026 TellMeWhenDown · tellmewhendown.com