What it is
Every TLS/SSL certificate has a fixed validity period. When it expires, browsers immediately flag the site as insecure or block access altogether. Any internet-facing service—marketing sites, APIs, edge proxies, customer portals, or third-party integrations—can fail if its certificate is out of date or configured without automated renewal.
Why it matters
Expired certificates routinely cause avoidable incidents:
- Websites and APIs go offline or show full-screen warnings
- Third-party integrations that rely on mTLS fail silently
- Customers lose confidence and abandon conversions
- Incident responders scramble to issue and deploy a new cert under pressure
Because maximum certificate lifetimes continue to shrink (currently 398 days), overlooking renewal windows creates recurring availability and trust issues.
How to reduce risk
- Maintain an inventory of every certificate across root domains, subdomains, and vendor-managed services
- Enable automated renewal (ACME, managed PKI, or CDN automation) wherever possible
- Configure monitoring that alerts well before expiration, at set thresholds (30/15/7 days)
- Test renewal workflows regularly to ensure new certificates deploy cleanly to all endpoints
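
One way to implement the inventory and threshold alerting described in the list above, as an added example rather than code from the original page. The host names, dates and tier labels are constructed for illustration; `check_host` performs the live lookup and needs network access.

```python
import socket
import ssl
from datetime import datetime, timezone

# Alert tiers from the page's 30/15/7-day thresholds, tightest first.
# The labels are assumptions chosen for this example.
TIERS = [(7, "critical"), (15, "warning"), (30, "notice")]

def days_left(not_after, now):
    """Whole days until expiry; not_after uses getpeercert()'s 'notAfter' format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days  # negative once the certificate has expired

def classify(not_after, now):
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    for limit, label in TIERS:
        if remaining <= limit:
            return label
    return "ok"

def check_host(host, port=443, now=None, timeout=5.0):
    """Live check of one endpoint (requires network access)."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"], now)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or otherwise invalid certificate fails the handshake.
        return f"verify-failed: {exc.verify_message}"
    except OSError as exc:
        return f"unreachable: {exc}"

# Constructed inventory (hypothetical hosts and dates) so the example runs offline.
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = {
    "www.example.test": "Jul 15 00:00:00 2025 GMT",
    "api.example.test": "Jun 21 00:00:00 2025 GMT",
    "portal.example.test": "Jun 11 00:00:00 2025 GMT",
    "edge.example.test": "Jun  4 00:00:00 2025 GMT",
    "legacy.example.test": "May 30 00:00:00 2025 GMT",
}

def report(inventory, now):
    return {host: classify(not_after, now) for host, not_after in inventory.items()}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY, SAMPLE_NOW).items():
        print(f"{host:22} {status}")
```

Run from a scheduler, the same loop can call `check_host` for each inventory entry and route anything other than `ok` to the alerting channel.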