TLS / HTTPS · Check

SSL certificate expired — recovering from the outage and preventing the next one

An expired certificate is a hard outage: browsers refuse the connection, mobile apps fail TLS pinning, and any service-to-service call breaks. Renewing the cert is the immediate fix; deploying it to every TLS terminator (CDN edge and origin) and automating the next renewal is what prevents a repeat.

Why it matters

Most cert-expiry outages have the same root cause: nobody owned the renewal calendar after the original engineer left. Automation (ACME / Let's Encrypt / managed CDN certs) plus expiry monitoring removes the human bottleneck entirely.

Real-world risk

Browsers refuse the connection; outages and emergency fire-drills are common after expiry.

Fix steps (in order)

Renew the certificate and deploy it to every terminator (CDN + origin if both terminate TLS).
Enable automated renewal (ACME) and monitoring for expiry dates.

Topic explainer

TLS versions explained: 1.0, 1.1, 1.2, 1.3 and what to disable →

What's actually different between TLS 1.0, 1.1, 1.2, and 1.3 — cipher suites, forward secrecy, performance — and which versions to disable for compliance and security.

Verify the fix in 30 seconds

Run a Scorifya scan on the affected host after deploy. The same finding id (cert_expired) clears once the externally-observable signal is in place.

Run a free scan Methodology