All fix guides

How to fix an expired or untrusted TLS certificate

Renew and correctly install your TLS certificate so browsers trust your site instead of showing a full-page warning.

What it is

A TLS certificate proves your site's identity and encrypts traffic. It has an expiry date and must chain to a trusted authority.

Why it matters

An expired or untrusted certificate triggers a scary full-page browser warning that blocks the site entirely — instantly losing visitors and revenue.

How to fix it

  1. 1Check the expiry and issuer (your browser's padlock, or re-scan here).
  2. 2Renew the certificate before it expires — automate it with Let's Encrypt/certbot or your host's auto-renewal.
  3. 3Install the full chain (certificate + intermediates), not just the leaf, or some clients will show it as untrusted.
  4. 4Make sure the certificate covers the exact hostname (including www and any subdomains via SAN or a wildcard).
  5. 5Set a calendar/monitoring alert well before the next expiry — or enable our monthly monitoring to be warned automatically.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy