Fix SSL Certificate Expired

Check Expiration Date

echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates

Fix 1: Renew Let's Encrypt Certificate

# Test renewal
sudo certbot renew --dry-run

# Force renewal
sudo certbot renew --force-renewal

# Check certbot timer
sudo systemctl status certbot.timer

Fix 2: Manual Renewal for Paid Certificates

Purchase renewal from CA
Download new certificate files
Replace old files
Restart web server

sudo systemctl restart nginx
# or
sudo systemctl restart apache2

Fix 3: Auto-Renewal Setup

# Add to crontab
0 0,12 * * * certbot renew --quiet
0 0,12 * * * systemctl reload nginx

Fix 4: Temporary Workaround

If certificate expired, you can:

Use HTTP temporarily (not recommended)
Install a new Let's Encrypt certificate even if domain unresolved
Buy certificate with auto-renewal

Fix 5: Cloudflare Universal SSL

Use Cloudflare proxy which provides free SSL.

Monitor Expiration

# Script to check
DAYS_LEFT=$(echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2 | xargs -I{} date -d {} +%s)
if [ $DAYS_LEFT -lt 604800 ]; then
    echo "SSL expires in less than 7 days" | mail -s "SSL Alert" admin@example.com
fi

Check Expiration Date

Fix 1: Renew Let's Encrypt Certificate

Fix 2: Manual Renewal for Paid Certificates

Fix 3: Auto-Renewal Setup

Fix 4: Temporary Workaround

Fix 5: Cloudflare Universal SSL

Monitor Expiration

Was this article helpful?