How to fix an expired or untrusted TLS certificate
Renew and correctly install your TLS certificate so browsers trust your site instead of showing a full-page warning.
What it is
A TLS certificate proves your site's identity and encrypts traffic. It has an expiry date and must chain to a trusted authority.
Why it matters
An expired or untrusted certificate triggers a scary full-page browser warning that blocks the site entirely — instantly losing visitors and revenue.
How to fix it
- 1Check the expiry and issuer (your browser's padlock, or re-scan here).
- 2Renew the certificate before it expires — automate it with Let's Encrypt/certbot or your host's auto-renewal.
- 3Install the full chain (certificate + intermediates), not just the leaf, or some clients will show it as untrusted.
- 4Make sure the certificate covers the exact hostname (including www and any subdomains via SAN or a wildcard).
- 5Set a calendar/monitoring alert well before the next expiry — or enable our monthly monitoring to be warned automatically.
Not sure if your site is affected?
Run a free scan — or let us fix it all for you.