SSL Certificate Expired Fix

An expired certificate may be on the origin, CDN edge, www host or a forgotten subdomain. Check the exact host users visit.

Symptoms

  • Browser warns that the certificate expired.
  • curl reports certificate has expired.
  • Only www or one subdomain fails.

Likely causes

  • Certificate renewal failed.
  • CDN edge certificate differs from origin certificate.
  • The wrong certificate is served for SNI/host.

Fix steps

  1. Check expiry with openssl s_client or curl -Iv.
  2. Renew the certificate for every required host.
  3. Reload the web server or update CDN certificate settings.

Verify the fix

  • Test example.com and www.example.com.
  • Check certificate SAN names.
  • Confirm HTTP redirects still work after renewal.

FAQ

Can a CDN hide origin expiry?

Sometimes public users see the CDN certificate, while origin checks may still fail. Test both layers.

Should I test www separately?

Yes. www and apex can serve different certificates.

Related tools and guides

SSL SSL Checker Command Helper

Generate safe terminal commands for checking SSL certificates, HTTPS redirects, issuer, SAN names and expiry without storing credentials.

 HTTP HTTP Headers Checker

Analyze pasted HTTP response headers for cache, redirects, security headers and content-type issues without making server-side requests.

 Nginx Nginx Config Validator Helper

Review pasted Nginx snippets for common mistakes and generate safe test, reload and curl verification commands.

 Nginx Nginx 301 Redirect Workflow With Safe Testing

Redirect changes are small but risky. A safe workflow generates a narrow rule, validates Nginx syntax, tests Location headers and keeps rollback simple.

Last updated: May 18, 2026