How to fix SSL/TLS certificate expiry or expiring soon
Quick fix guide with step-by-step instructions. Barrion detects this finding in your scans; use this page to remediate it.
What it is
SSL/TLS certificates have a validity period (e.g. 90 days for Let's Encrypt, up to 1 year for many CAs). When they expire, browsers will show a security error and users cannot access your site over HTTPS.
Why it matters
An expired certificate breaks HTTPS and damages trust. Renewing before expiry and automating renewal (e.g. certbot) avoids outages. Monitoring certificate expiry (e.g. with Barrion) gives you advance warning.
How to fix it
- 1
Check expiry date
Use Barrion's certificate expiry tool or openssl to see when your certificate expires. Plan renewal at least 2–4 weeks before expiry.
- 2
Renew the certificate
If using Let's Encrypt, run certbot renew (or your ACME client). For other CAs, request a new certificate and install it on your server.
- 3
Install and reload
Install the new certificate and private key on your web server, then reload the server (e.g. systemctl reload nginx) so it serves the new cert.
- 4
Monitor continuously
Use continuous monitoring or periodic scans to get alerts before the next expiry so you never miss a renewal.
Check your site
Run Barrion's free tls / https check to see if this finding applies to your app and get a full report.
Run free check →
