An expired SSL certificate doesn't quietly fail. Every visitor to your site sees a full-screen browser warning. New customers don't sign up. Existing customers lose trust. Search engines notice. The cost is real and adds up faster than most teams expect.
Here's exactly what happens, in order, when an SSL certificate expires - and what each consequence costs you.
What visitors see (within seconds)
The browser blocks the site with a full-screen interrupt. The exact wording differs by browser, but the message is always some variant of "this connection is not safe." The visual treatment is designed to be alarming:
- Chrome shows a red shield and the headline "Your connection is not private." The default action button says "Back to safety." The option to continue is buried as a small link.
- Firefox shows a triangle-with-exclamation-mark and "Warning: Potential Security Risk Ahead."
- Safari shows a similar warning with "This Connection Is Not Private."
- Edge and Brave follow the same pattern.
On mobile, the warnings are full-screen with even less ability to dismiss them. Some mobile browsers don't surface a "proceed anyway" option for certificate errors at all.
What visitors do (within seconds)
Almost nobody clicks through. Multiple studies of warning interactions over the past decade show bounce rates on certificate warning pages of 80–95%. The decision is fast - most users see the warning, close the tab, and search for an alternative.
New visitors bounce hardest. They have no brand attachment to overcome the warning. Their first impression of your site is "this site is not safe." Some never come back.
What it costs in lost revenue
Direct revenue loss is the easiest number to calculate. Take your monthly revenue, divide by total minutes in a month, multiply by the minutes you were down:
- A SaaS doing $50,000/month loses about $1.15 per minute of outage.
- An e-commerce site doing $5 million/month loses $115 per minute.
- A public company at scale loses much more.
For a multi-hour outage, the direct revenue loss alone is a five-to-six-figure event for most organisations. That's before the second-order costs.
What it costs in trust
The trust cost is harder to measure and probably larger than the direct revenue loss. A new visitor who sees "this connection is not private" doesn't think "their certificate expired" - they think "this site is not safe." That impression survives the fix. The next time they're considering you against a competitor, the small voice in the back of their head says "weren't they the ones with the security warning?"
Trust signals are asymmetric. A single security warning weighs heavily against many positive interactions. Certificate warnings are exactly this kind of signal.
What it costs in SEO
Google notices when sites serve errors. A short SSL outage can leave a multi-week footprint in search rankings:
- Crawl frequency drops. Googlebot reduces how often it crawls a site that returned errors.
- Indexed pages get demoted. Pages that returned errors during the last crawl can lose ranking until the next successful crawl.
- Bounce signals accumulate. Users bouncing from warning pages is a negative ranking signal.
A few hours of certificate failure can mean weeks of recovery in search visibility.
What it costs in compliance
If your organisation is under PCI-DSS, HIPAA, SOC 2, ISO 27001, or any other audit framework, an outage caused by an expired certificate is a particularly bad finding to explain. Auditors don't fault you for technical sophistication problems - they fault you for hygiene failures. "The certificate expired and we didn't notice" is the textbook example of a hygiene failure.
What it costs in engineering time
Every certificate outage is a fire drill. Two or three engineers stop what they're doing. Someone wakes up. A Slack incident channel gets created. A post-mortem gets written. A Jira ticket promises this will never happen again. Then, six months later, it happens again. None of that work ships features.
If your certificate just expired
Don't wait. Get a working certificate back in place as fast as possible:
Need a working certificate right now?
Beacon issues free 90-day Let's Encrypt certificates with a guided DNS-validation flow. No account, no command-line tools, no ACME client to install - just a domain you control. Most people get a working certificate in under 10 minutes.
Get a free certificate from Beacon
If you're here to prevent this
The fix isn't more careful humans. It's structural: monitoring that catches the problem before users do, alerts that go to teams rather than individuals, and verification from outside your network (not just from the server's view of itself).
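A minimal sketch of that outside-in check, as an added example that is not part of the original article or any product mentioned here. It performs the same verified handshake a browser would from wherever it runs; the 30-day and 7-day thresholds and the status names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30      # assumed thresholds; tune to your renewal process
CRITICAL_DAYS = 7


def classify(not_after, now):
    """Map a certificate's notAfter string to (status, whole days left)."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    days_left = (expires - now).days  # negative as soon as expiry has passed
    if days_left < 0:
        return "EXPIRED", days_left
    if days_left <= CRITICAL_DAYS:
        return "CRITICAL", days_left
    if days_left <= WARN_DAYS:
        return "WARN", days_left
    return "OK", days_left


def check_host(host, port=443, timeout=5.0, now=None):
    """Handshake the way a visitor's browser would and report the result."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()  # verifies chain, hostname and validity
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Already broken for visitors: expired, wrong hostname or bad chain.
        return "FAILED", exc.verify_message
    except OSError as exc:
        # DNS failure, refused connection, timeout or other TLS error.
        return "UNREACHABLE", str(exc)
    return classify(cert["notAfter"], now)


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, *check_host(name))
```

Run it on a schedule from a machine outside your own network and route anything other than OK to a team channel rather than one person's inbox.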
Stop this from happening again
TLS Radar continuously monitors every certificate across your domains and alerts you weeks before anything expires, and also catches the silent failure modes (chain breaks, weak ciphers, hostname mismatches) that expiry-only monitoring misses. Built for solo developers monitoring a handful of sites and for enterprise teams managing thousands of certificates across multiple environments.