SecurityHigh

Invalid or expiring SSL certificate

Your SSL/TLS certificate is invalid, self-signed, or expires in less than 30 days. Visitors will see a security warning in their browser.

Why it matters

An invalid or expired certificate drives visitors away ("your connection is not private" warning), penalizes SEO and blocks transactions.

How to fix

  1. 1

    Renew with Let's Encrypt (free)

    bash
    # Via Certbot (Ubuntu/Debian)
sudo certbot renew --force-renewal

# Verify automatic renewal
sudo certbot renew --dry-run
  2. 2

    Configure automatic renewal

    bash
    # Add to crontab (renewal 2x per day)
0 0,12 * * * /usr/bin/certbot renew --quiet
  3. 3

    Via cPanel / shared hosting

    Most hosting providers (OVH, o2switch, Infomaniak, SiteGround) offer Let's Encrypt or AutoSSL in one click from the control panel. Look for "SSL Certificate" in your interface.

  4. 4

    Verify certificate validity

    bash
    openssl s_client -connect yoursite.com:443 -servername yoursite.com 2>/dev/null | openssl x509 -noout -dates

Related articles

SecurityMissing HSTS header on your WordPress siteSecurityWordPress cookies missing Secure, HttpOnly or SameSite flags

Ready to fix this issue on your site?

Audit my site for free →