Website Design Services
Speak to a Social Media Expert
In This Article

Your website has a padlock in the address bar today, and one morning it might not. That, in a nutshell, is what SSL certificate renewal is really about; a small piece of housekeeping that quietly decides whether a visitor trusts your business or bounces straight off a big red warning screen. We say this to clients all the time: nobody notices your certificate until the day it breaks, and then absolutely everybody notices.

If you run a small business and the word “certificate” makes you want to close the tab, stay with us. You do not need to understand cryptography to get this right. You need to know when your certificate expires, who is responsible for renewing it, and what to do on the day. That is genuinely the whole job.

An SSL certificate is a trust badge with a shelf life

An SSL certificate (strictly a TLS certificate these days, though almost everyone still says SSL) does two jobs. It encrypts the traffic between your visitor’s browser and your web server, so anything they type, a contact form, a password, a card number, cannot be read by anyone sitting in the middle. And it proves that the site really is yours, because a Certificate Authority has checked that you control the domain before issuing it.

The important bit for you: it is issued for a fixed period. Certificates used to run for two or three years. Now the industry standard is closer to a year, and free certificates from Let’s Encrypt run for just ninety days. When that window closes, the certificate stops being valid. Not degraded, not a bit wobbly; invalid. Browsers do not offer a grace period.

So renewal is not optional maintenance you can push to next quarter. It is a recurring deadline, like an MOT for your website.

SSL Certificate Renewal: How to Keep Your Website Secure and Trusted

What actually happens when you let a certificate lapse

Here is where the theory turns into lost money. The moment a certificate expires, every major browser throws up a full-page interstitial warning telling visitors the connection is not private and that attackers might be trying to steal their information. Your carefully designed homepage is not on screen; a warning is.

The knock-on effects stack up quickly:

  • Visitors leave immediately: most people will not click through a security warning, and honestly, they should not. You have trained them for years to avoid exactly that screen.
  • Forms and checkouts stop converting: if you take enquiries or payments, that revenue goes to zero for as long as the site is throwing errors.
  • Search visibility takes a knock: HTTPS is a ranking signal, and crawlers hitting an insecure site repeatedly is not a good look.
  • Email and integrations can break: anything talking to your domain over HTTPS, from a booking system to a payment gateway callback, may refuse to connect.
  • Your reputation takes the real damage: a customer who saw “your connection is not private” on your site remembers it far longer than you would like.

All of that from a diary entry nobody made. Painful, and completely avoidable.

How to renew your SSL certificate, step by step

The exact buttons vary by host, but the shape of the process is the same everywhere. Work through it in this order and you will not get caught out.

Step one: find out what you actually have

Open your site, click the padlock in the browser, and view the certificate details. You will see who issued it and, crucially, the expiry date. Write that date down. If you cannot find it, your hosting control panel will list active certificates under a heading like SSL, Security, or Certificates.

Step two: work out who is responsible

This trips up more small businesses than anything else. Your certificate might sit with your web host, your domain registrar, a separate certificate provider, or your web developer’s account. If a freelancer built the site three years ago and set it up on their own login, that is a conversation you want to have well before renewal week, not during it.

Step three: decide whether to auto-renew

Most hosts offer automatic renewal, and most of the time you should take it. Let’s Encrypt certificates in particular are designed to renew themselves every sixty to ninety days without a human touching anything. If your host offers managed, auto-renewing SSL, switch it on and let the machines do the boring bit.

Step four: generate a CSR if you are buying a paid certificate

For paid certificates you will usually need a Certificate Signing Request, generated from your server or control panel. It contains your domain and organisation details. Your host’s support team will do this for you if you ask nicely; it takes them two minutes and it saves you an afternoon.

Step five: complete validation

The Certificate Authority needs to confirm you control the domain. For a basic domain-validated certificate this is usually an automatic DNS or file check, done in minutes. For organisation-validated or extended-validation certificates, expect paperwork and a few working days, so start early.

Step six: install it and actually check

Once the new certificate is issued, install it (or let your host do it), then verify. Load your site in a private browsing window, click the padlock, and confirm the new expiry date. Run an online SSL checker to make sure the full certificate chain, including any intermediate certificate, is being served properly. A missing intermediate is the classic “works on my laptop, broken on someone’s phone” bug.

Which certificate should you renew onto?

Renewal is a decent moment to ask whether you are on the right product. Here is the honest comparison for a typical small business:

  • Domain Validated (DV): the everyday option. Checks only that you control the domain, issues in minutes, often free or very cheap. Right for the vast majority of brochure sites, blogs and small shops.
  • Organisation Validated (OV): the Certificate Authority also verifies your company exists. Takes days rather than minutes and costs more. Worth considering if you handle sensitive client data and want your details visible in the certificate.
  • Extended Validation (EV): the most rigorous vetting of your legal entity. Browsers no longer show the old green address bar, so the visible benefit has shrunk considerably; mostly relevant to finance, healthcare and larger enterprises.
  • Wildcard: covers your domain and all its subdomains (shop.yoursite.co.uk, blog.yoursite.co.uk) with one certificate. Tidy if you run several subdomains.
  • Multi-domain (SAN): covers several different domains on one certificate. Useful if you own a .co.uk and a .com and point both at the same site.

Our blunt view: unless you have a specific compliance reason, a free auto-renewing DV certificate does everything a small business site needs. Spend the money you saved on your content instead.

Best practices that make renewals boringly uneventful

The goal is not to be good at renewing certificates. The goal is to never think about it again.

  • Put the expiry date in a shared calendar: not your personal one. If you get hit by a bus, someone else needs that reminder. Set it for thirty days before, and again for seven.
  • Use a monitoring service: plenty of free uptime tools will email you when a certificate is approaching expiry. Cheap insurance.
  • Use a role-based email address: renewal notices sent to a departed employee’s inbox are the single most common cause of an expired certificate. Point them at something like admin@ that more than one person watches.
  • Keep a one-page ownership record: which host, which registrar, which login, who pays for it. Boring, well-built documentation saves whole days.
  • Force HTTPS site-wide: redirect all HTTP traffic to HTTPS, and make sure internal links and images are not still pointing at http:// or you will get mixed-content warnings even with a perfectly valid certificate.
  • Test after every renewal: ten seconds with an SSL checker beats a customer telling you your site is broken.

Common mistakes we see small businesses make

Assuming the host handles it. Some do, many do not, and “I thought it was automatic” is not a defence your customers will care about. Check, do not assume.

Renewing the certificate but forgetting to install it. Buying is not deploying. The new certificate has to be put on the server and the old one replaced; on some setups that is one click, on others it is a support ticket.

Letting the domain expire instead. A certificate is useless if the domain underneath it has lapsed, and domain renewal notices land in the same forgotten inbox.

Ignoring subdomains. Your main site is fine, but the shop on a subdomain is throwing warnings, because the certificate never covered it. Wildcards exist for a reason.

Leaving it with the developer who has moved on. Access to renew should always sit with the business that owns the website. Always.

Where certificate management is heading next

The direction of travel is clear: certificate lifetimes are getting shorter, and automation is becoming compulsory rather than optional. The industry has been steadily cutting maximum validity periods, and the expectation is that this continues. Shorter lifetimes are good for security (a stolen certificate is useful to an attacker for less time) but they make manual renewal completely impractical.

Which means the future is simple for you: get onto an auto-renewing setup with a host that manages certificates properly, and the whole issue stops being your problem. The businesses that struggle over the next few years will be the ones still treating renewal as an annual manual chore.

How often do I need to renew my SSL certificate?

It depends on the certificate. Free Let’s Encrypt certificates last ninety days and are designed to renew automatically. Most paid certificates are now issued for a maximum of about thirteen months. Check the expiry date on your own certificate rather than assuming.

What happens if my SSL certificate has already expired?

Renew it as fast as you can. Visitors are currently seeing a browser warning, so this is a live emergency, not a tomorrow job. If you are on a free certificate, forcing a renewal usually fixes it within minutes. If it is a paid certificate, contact your host or provider immediately.

Does an expired certificate hurt my Google rankings?

Indirectly, yes, and quickly. HTTPS is a confirmed ranking signal, and beyond the algorithm you will be haemorrhaging traffic because visitors are bouncing off a warning page. The behavioural damage tends to hurt more than the technical one.

Is a free SSL certificate good enough for my business?

For most small businesses, yes. A free domain-validated certificate provides exactly the same encryption strength as a paid one. What you pay for with premium certificates is a deeper identity check and a warranty, not stronger security.

Can I renew my SSL certificate myself?

Often, yes, especially if your host has a one-click SSL panel. If you are staring at a control panel you do not recognise and the site is live and earning, this is a sensible moment to ask someone who does this every day.

Your SSL certificate renewal checklist

  • Find the expiry date: click the padlock, note the date, put it in a shared calendar.
  • Confirm ownership: know exactly which account and which login controls the certificate.
  • Turn on auto-renewal: if your host supports it, this is the single highest-value ten seconds of the whole process.
  • Set reminders: thirty days out and seven days out, to a shared inbox.
  • Check the right product: do you need a wildcard for subdomains, or is a single-domain certificate fine?
  • Verify after renewal: private window, click the padlock, confirm the new date, run an SSL checker.
  • Force HTTPS everywhere: redirect HTTP, fix mixed content, keep the padlock clean.
  • Write it down: a one-page record of host, registrar, logins and renewal dates.

Contact Us

If reading this has made you realise you have no idea when your certificate expires, or who owns it, you are in extremely good company. It is one of the most common gaps we find when we take over a website, and it takes us minutes to fix. Delivered Social helps small businesses across the UK with web design, hosting and the unglamorous technical housekeeping that keeps a site trusted and earning, SSL certificate renewal very much included.

Come and talk to us. Get in touch with the team at Delivered Social and we will check your certificate, tell you honestly whether you need to spend anything, and set it up so it renews itself while you get on with running your business.

Share This Article

About the Author: Jonathan Bird

Jon built Delivered Social with one simple idea in mind: that great marketing shouldn't be reserved for businesses with big budgets. A dedicated marketer, international speaker and proven business owner, he's a genuine fountain of knowledge (though he'll tell you himself that the first cup of coffee helps). When he's not working, you'll find him out walking Dembe and Delenn, his two French Bulldogs. Oh, and if you don't already know — he's a massive Star Trek fan.