Introduction
Ever since 2014, Google has prioritised the use of SSL certificates and websites using HTTPS. Since 2018, browsers, such as Chrome, have started displaying websites as ' not secure' and even initially preventing users from accessing websites without an SSL certificate.
It's fair to say that an SSL certificate is one of the most important pieces of a business website's toolkit. Without it, your website may not appear in search results and could deter visitors.
What is an SSL certificate?
A secure sockets layer (SSL) is a digital document that works as a certificate to confirm the identity of a website. Authentification with SSL helps use HTTPS to make the connection between the user and the website more secure and private.
There are a few different ways that you can obtain an SSL certificate. Some hosts will provide you with free SSL certificates with providers like Let's Encrypt. If you use Cloudflare for your DNS records, you can get a free SSL certificate with them. Also, you can buy premium SSL certificates via various companies.
Whichever route you choose, the end result is to:
Encrypt data transmitted between a user's browser and the website.
Authenticate the website's identity to prevent impersonation.
Build trust with users by indicating that the connection is secure.
When does an SSL certificate expire?
Due to the purpose of an SSL certificate being about security and validity, a certificate only lasts for a limited period of time. They require the owner of the website to routinely reauthenticate that they own the website and that it is legitimate.
If you are using a free SSL certificate from Let's Encrypt, it expire every 90 days. This is the same for Cloudflare's SSL certificates. Some premium, paid options provide certificates for 1-5 years.
Ultimately, you can expect the certificate to expire at some point and you need to be prepared for that.
Quite often the free services, such as Cloudflare and Let's Encrypt will auto-renew around 60 days into their lifecycle. This does allow for some peace of mind, as long as the auto-renew works and does not require to occasionally check in with you.
When you choose a premium certificate, you will often have to manually copy and paste private keys into your hosting account. These keys are regenerated every time the certificate is renewed. Even if the payment is automatic, the process of renewing the certificate within your hosting is manual.
What are the risks of an SSL certificate expiring?
You have probably already seen the consequences of an SSL certificate being left to expire. Essentially, visitors will encounter warnings indicating that the connection is not private or secure.
There will be no padlock and HTTPS showing for your visitors. What's even more important than the visual aspect is the security risk. Without a valid SSL certificate, data transmitted between your site and its users is unencrypted. This makes you and your visitor's traffic vulnerable to interception and attacks.
Your website will be down and it will affect customers and, eventually, your SEO ranking. The most important factor of all is the loss of trust and the potential malicious security consequences for all concerned.
How can you monitor the expiration of an SSL certificate?
Whether you have an auto-renewing free certificate or a premium one, you need to be alerted if the certificate is about to expire. Let's Encrypt certificates issued by hosting companies usually renew automatically every 60 days. However, I have on numerous occasions experienced incidents where SSL auto-renews have failed. Other people have also reported similar issues. This is not uncommon for any auto-renewing system, you cannot always trust them to work every time.
In the past, Let's Encrypt have kept users informed of when their certificates are due to expire. Recently, they have announced an end to their automated reminders.
It is more important than ever to ensure you have a tool in place to monitor for the imminent expiration of your SSL certificates.
How can UpWatch help?
We provide seven website monitors to help you give you peace of mind about your website. As part of our monitoring, we provide SSL expiration monitoring. As a fail-safe, we will warn you within 30 days of your SSL certificate expiring to make sure your website doesn't become 'not secure'.
Want to find out more and see how much that would cost? Check out our pricing page now.
