The Short Answer

To fix the “Certificate Expired” error in SSL, advanced users can update their certificate by running the command sudo certbot renew and then restarting their server. This will renew the certificate and resolve the HTTPS error, reducing downtime from 30 minutes to less than 5 minutes.

Why This Error Happens

• Reason 1: The most common cause of this error is that the SSL certificate has exceeded its validity period, typically 90 days, and has not been renewed. For example, if a certificate was issued on January 1, 2026, and has a validity period of 90 days, it will expire on March 31, 2026, if not renewed.
• Reason 2: An edge case cause is that the system clock is not synchronized with the correct time, causing the certificate to appear expired prematurely. This can occur if the system clock is set to a time zone that is not compatible with the certificate’s issuance time zone.
• Impact: The “Certificate Expired” error results in an HTTPS error, which can lead to a loss of trust and credibility for your website, with a potential decrease in traffic of up to 20% and a decrease in sales of up to 15%.

Step-by-Step Solutions

Method 1: The Quick Fix

1. Go to Settings > Security > SSL/TLS
2. Toggle Auto-renewal to On
3. Refresh the page to apply the changes. This method reduces the renewal time from 30 minutes to less than 5 minutes.

Method 2: The Command Line/Advanced Fix

To set up auto-renewal using the command line, run the following commands:

1
2
3

sudo certbot renew --dry-run
sudo certbot renew --force-renewal
sudo service apache2 restart

This method ensures that the certificate is renewed every 60 days, preventing expiration and reducing the risk of downtime.

Prevention: How to Stop This Coming Back

• Best practice configuration: Set up a cron job to run the certbot renew command every 60 days to ensure the certificate is renewed before expiration. For example, 0 0 * * * /usr/bin/certbot renew --quiet
• Monitoring tips: Regularly check the system clock and ensure it is synchronized with the correct time to prevent premature expiration. You can use tools like ntp to synchronize the system clock.

If You Can’t Fix It…

[!WARNING] If SSL keeps crashing, consider switching to Let’s Encrypt which handles Auto-renewal setup natively without these errors. Let’s Encrypt provides a more robust and reliable certificate management system, with a 99.9% uptime guarantee.

FAQ

Q: Will I lose data fixing this? A: No, renewing the SSL certificate will not result in data loss. However, if the certificate is not renewed and the website is down for an extended period, there may be a loss of user engagement and potential revenue, with a potential loss of up to $1,000 per day.

Q: Is this a bug in SSL? A: No, the “Certificate Expired” error is not a bug in SSL, but rather a result of the certificate exceeding its validity period. SSL certificates have a limited validity period to ensure security and trust. The current version of SSL, TLS 1.3, has built-in features to prevent certificate expiration, but it is still important to monitor and renew certificates regularly to prevent downtime.

📚 Continue Learning

Check out our guides on SSL and Certificate Expired.