Ssl expiry
Quick winFound on 40% of audited stores.
Monitor your SSL/TLS certificate expiry date and set up auto-renewal so your store never goes offline or shows a security warning to shoppers.
What it is
An SSL/TLS certificate is the digital credential that puts the padlock icon in your browser's address bar and enables the "https://" in your store's URL. Every certificate has a fixed expiry date — after which browsers immediately block visitors with a scary "Your connection is not private" warning. Most certificates are issued for 90 days (free Let's Encrypt certs) or 1–2 years (paid certificates from providers like SSL Corporation, DigiCert, Sectigo, etc.). Knowing your expiry date and having automatic renewal in place is routine maintenance — like renewing a business licence — that keeps your store open and trusted.
Why it matters
If your certificate expires, every browser will show a full-page red warning to anyone trying to visit your store, effectively shutting you down until it is renewed — that means zero sales for the duration. Google also uses HTTPS as a ranking signal, so a lapsed certificate can hurt your search visibility. Beyond lost revenue, an expired cert erodes customer trust in a way that is hard to recover from: shoppers who see that warning rarely return. Depending on your jurisdiction and the type of data you collect, operating without a valid certificate may also expose you to PCI-DSS violations and data-protection regulatory risk.
How to fix it
- Locate your current certificate's expiry date — check your hosting control panel, your SSL provider's dashboard, or use a free online SSL checker tool (enter your domain to see issuer, validity period, and days remaining).
- Determine who issued and manages your certificate: your hosting provider, your ecommerce platform, a CDN (e.g. Cloudflare), or a standalone SSL provider. This tells you where renewal happens.
- Enable auto-renewal wherever the certificate is managed. Most modern platforms and hosts do this automatically via Let's Encrypt or their own CA — confirm the toggle is ON and that the payment method on file (for paid certs) is valid.
- If auto-renewal is not available, set calendar reminders at 60 days and 30 days before expiry to renew manually, giving yourself ample time to troubleshoot.
- After renewal or any certificate change, verify the new certificate is live and valid by revisiting your store in a browser (padlock present) or re-running an SSL checker tool.
- Subscribe to expiry-alert emails from your SSL provider or use a free monitoring service that emails you when your cert is within 30 days of expiry.
Fix it on your platform
Pick your platform for the exact steps.
How to fix ssl expiry on Shopify
- Shopify automatically provisions and renews a free SSL certificate for every custom domain connected to your store — no manual action is required.
- To confirm it is active: Admin → Settings → Domains → click your primary domain → look for 'SSL certificate — Pending' or 'SSL certificate — Active'.
- If a domain shows 'SSL unavailable', remove the domain and re-add it (Admin → Settings → Domains → Remove, then Add existing domain) to trigger re-provisioning.
- Ensure your DNS records (the CNAME and A records) point correctly to Shopify servers, as misconfigured DNS is the most common cause of SSL provisioning failure.
How to fix ssl expiry on Shopify Plus
- SSL management is identical to standard Shopify — certificates are auto-provisioned and auto-renewed by Shopify for all custom domains.
- For expansion stores and the checkout subdomain, verify each domain in Admin → Settings → Domains shows 'SSL certificate — Active'.
- Contact your Shopify Plus Merchant Success Manager if any domain stubbornly shows SSL unavailable after DNS is correct.
How to fix ssl expiry on WooCommerce
- WooCommerce itself does not manage SSL — your certificate is controlled at the hosting or server level.
- Log into your hosting control panel (cPanel, Plesk, Kinsta, WP Engine, SiteGround, etc.) and navigate to SSL/TLS or Security → SSL.
- If your host uses Let's Encrypt (most do), find the 'Auto-Renew' or 'Auto SSL' toggle and confirm it is enabled.
- For paid certificates managed outside your host, note the expiry date shown in the SSL dashboard and set a renewal reminder 60 days out.
- After renewal, visit WooCommerce → Settings → General and confirm both 'WordPress Address' and 'Site Address' begin with https://.
- Install a plugin such as 'Really Simple SSL' to catch any mixed-content warnings after a certificate change.
How to fix ssl expiry on BigCommerce
- BigCommerce automatically provides and renews a free shared SSL certificate for all stores on the platform.
- For a custom domain with a dedicated SSL, go to: Store Setup → Domain (in the BigCommerce control panel) and review the SSL status shown there.
- If you purchased a dedicated SSL through BigCommerce or a third party, contact BigCommerce Support (support.bigcommerce.com) to initiate renewal, as dedicated cert installation requires their involvement.
- Ensure your custom domain's DNS CNAME points to your BigCommerce store URL so the platform can manage certificate validation automatically.
How to fix ssl expiry on Wix
- Wix automatically issues and renews a free SSL certificate for all sites, including those on custom domains — no manual configuration is needed.
- To verify: Wix Dashboard → Settings → Domains → click your domain → confirm 'SSL certificate' shows as active (green).
- If your domain was connected via 'point to Wix' (changing nameservers), SSL is handled fully by Wix.
- If your domain was connected via 'connect a domain' (DNS records only), make sure the required CNAME and A records are correctly set at your domain registrar so Wix can validate and renew the cert.
How to fix ssl expiry on Squarespace
- Squarespace automatically provisions and renews a free SSL certificate for all custom domains connected to your site.
- To check status: Home Menu → Settings → Domains → click your domain → look for 'SSL' status (should show 'Active').
- If SSL shows as 'Pending' for more than 72 hours, confirm your domain's nameservers are pointed to Squarespace (if using Squarespace DNS) or that the required DNS records are correct at your registrar.
- Squarespace does not support uploading third-party certificates — all SSL is managed by the platform.
How to fix ssl expiry on Webflow
- Webflow automatically provisions a free SSL certificate via Let's Encrypt for all published sites on custom domains.
- To verify: Webflow Designer → Project Settings → Hosting → Custom Domains — each connected domain will show an SSL status badge.
- If a domain shows 'SSL error', remove and re-add the domain, then confirm the DNS records (A record and CNAME) match exactly what Webflow specifies in the Hosting tab.
- Webflow handles renewal automatically; no manual renewal action is required from the owner.
How to fix ssl expiry on Adobe Commerce (Magento)
- SSL is managed at the server/hosting level, not within Magento itself.
- Log into your server's control panel (cPanel, Plesk) or cloud hosting dashboard (AWS, Azure, GCP, Nexcess, etc.) and locate the SSL/TLS section.
- Confirm auto-renewal is enabled for Let's Encrypt, or note the expiry date of your paid certificate and set a 60-day renewal reminder.
- After installing a renewed certificate, log into the Magento Admin → Stores → Configuration → General → Web → Base URLs (Secure) and confirm all URLs use https://.
- Run 'bin/magento cache:flush' from the command line after any SSL/URL configuration change.
How to fix ssl expiry on Magento Open Source
- SSL is managed at the server/hosting level — log into your hosting control panel or server and navigate to the SSL/TLS management section.
- Enable auto-renewal for Let's Encrypt, or note your paid certificate's expiry date and set calendar reminders at 60 and 30 days out.
- After certificate renewal, verify in Magento Admin → Stores → Configuration → General → Web that Base Secure URL is correct and uses https://.
- Flush the Magento cache (bin/magento cache:flush) to ensure the updated certificate is served immediately.
How to fix ssl expiry on PrestaShop
- SSL is managed at the web-hosting or server level, not inside PrestaShop.
- Log into your hosting control panel and enable auto-renewal for your SSL certificate (Let's Encrypt or paid cert).
- Once the certificate is active, go to PrestaShop Admin → Shop Parameters → General → Enable SSL → set to 'Yes', and also enable 'Enable SSL on all pages'.
- Save, then browse your storefront to confirm the padlock appears and no mixed-content warnings are shown in the browser console.
How to fix ssl expiry on OpenCart
- SSL is managed by your hosting provider — log into cPanel/Plesk and confirm auto-renewal is on for your certificate.
- After renewal, verify OpenCart Admin → System → Settings → your store → Server tab → 'Use SSL' is set to 'Yes'.
- Update your config.php and admin/config.php files to use https:// in the HTTP_SERVER and HTTPS_SERVER constants if they were not already.
How to fix ssl expiry on Ghost
- Ghost(Pro) managed hosting handles SSL automatically — no action required. Verify the padlock appears on your custom domain.
- For self-hosted Ghost (on a VPS/server), Ghost uses Let's Encrypt via its built-in SSL setup. Run 'ghost config url https://yourdomain.com' and then 'ghost setup ssl' (or 'ghost restart') to provision/renew.
- Confirm auto-renewal is working by checking the Let's Encrypt renewal cron job on your server: 'systemctl status certbot.timer' or equivalent.
How to fix ssl expiry on Ecwid (by Lightspeed)
- If your Ecwid store is embedded in an existing website, SSL is managed by that website's hosting provider — log in there to verify renewal.
- If using an Ecwid instant site (ecwid.com subdomain or custom domain), SSL is handled automatically by Ecwid/Lightspeed — confirm the padlock is visible on your storefront.
- For custom domains on an Ecwid instant site, ensure your domain's DNS CNAME record points to Ecwid's servers so the platform can manage certificate issuance.
Does your site have this issue?
Run a free SEOLZ audit to find ssl expiry — and every other issue — across your whole site in minutes.
Scan my site freeFrequently asked questions
What is Ssl expiry?
An SSL/TLS certificate is the digital credential that puts the padlock icon in your browser's address bar and enables the "https://" in your store's URL. Every certificate has a fixed expiry date — after which browsers immediately block visitors with a scary "Your connection is not private" warning. Most certificates are issued for 90 days (free Let's Encrypt certs) or 1–2 years (paid certificates from providers like SSL Corporation, DigiCert, Sectigo, etc.). Knowing your expiry date and having automatic renewal in place is routine maintenance — like renewing a business licence — that keeps your store open and trusted.
Why does ssl expiry matter?
If your certificate expires, every browser will show a full-page red warning to anyone trying to visit your store, effectively shutting you down until it is renewed — that means zero sales for the duration. Google also uses HTTPS as a ranking signal, so a lapsed certificate can hurt your search visibility. Beyond lost revenue, an expired cert erodes customer trust in a way that is hard to recover from: shoppers who see that warning rarely return. Depending on your jurisdiction and the type of data you collect, operating without a valid certificate may also expose you to PCI-DSS violations and data-protection regulatory risk.
How do I fix ssl expiry?
Monitor your SSL/TLS certificate expiry date and set up auto-renewal so your store never goes offline or shows a security warning to shoppers.
Authoritative references
- Transport Layer Security (TLS) — MDN
- Let's Encrypt documentation — Let's Encrypt