SSL expiration can cause critical damage to your company, brand and bottom line
A lot of people ask us, why is SSL expiry a big deal? Who cares if my website has an expired certificate? Well, Google for one. But that line of thinking misses the point. An SSL certificate provides certain protections for your websites visitors and even your own employees, but it has additional benefits, too.
It also says something about you and your business when you can’t bother to keep an up-to-date SSL certificate installed. Today we’re going to talk about why SSL certificates expire and then give you 5 ways that having an expired SSL certificate is hurting your business.
SSL Expiration – An Explanation
A lot of people wonder why SSL certificates expire. Isn’t that some kind of scam, they ask. No, there are two very important reasons why SSL certificates need to expire. The first has to do with the validation aspect of the certificates. The Certificate Authorities that issue these SSL certificates need to occasionally check in make sure the domain is still under the same ownership and, if necessary, if anything has changed about the company.
It’s really no different than renewing a driver’s license in that respect.
Then there is the technical reason, it’s easier to push out industry-wide changes when certificates expire faster. For instance, a few years we changed hashing algorithms from SHA-1 to SHA-2. If SSL certificates never expired you would have huge swaths of the population who never upgraded. Even with longer validity periods, challenges are present. Under the old rules, max validity was 39 months, which meant you had to wait up to 39 months for some certificates to expire before the sunsetting was complete.
SSL has to expire. But you can’t let it have a negative impact on your business. Here’s 5 ways an expired SSL certificate can harm your business.
1.) It will hurt your traffic
While Google and the rest of the browser vendors may have just begun penalizing websites that aren’t being served via HTTPS, they’ve been maligning sites with expired certificates for years. When a browser arrives at a website with an expired SSL certificate it tosses up a full-page warning that the website ahead has an expired certificate, is not secure or cannot make secure connections. Regardless of the verbiage, nobody clicks through these warnings. And this is going to crater your traffic.
2.) It will hurt your brand
When people that have traditionally been able to use your website are no longer able to reach it because you let something expire on your end, they aren’t going to like it. The internet does not bring out people’s better nature and very quickly your company’s brand is going to take a big hit. It speaks volumes that you couldn’t both to renew your own SSL certificate. And it also says you don’t take security all that seriously, either.
3.) It will hurt your bottom line
With your brand damaged and your site unreachable, your bottom line is going to dip. You better hope you have offline revenues because your ecommerce sales are about to bottom out. Even if people do click through the browser warnings and think nothing about what the implications of expiration mean about your brand, they probably aren’t going to like the fact that you can’t connect securely to take their financial information and complete any transactions. In fact, it would be unethical for you to attempt to transact at all knowing all data would be transmitted in easily interceptible plaintext.
4.) Your customers will get hacked
Supposing someone clicks through the browser warnings, doesn’t hold it against your brand and actually wants to complete a transaction with you via HTTP—they are probably going to get hacked. Because your certificate is expired, your website will be a hot target for hackers, cybercriminals and all other range of technological ne’er-do-wells. They will be happy to eavesdrop on all of your connections and steal any financial details or login information that comes their way.
5.) You will die on the streets
With your traffic cratered, brand ruined, profits bottomed out and customers hacked, at best your company soldiers on and fires you for incompetence, at worst the whole organization goes kaput. Either way, you’re out of a job. This news ends up being the last straw for your marriage, too. She was already unhappy and now with this you’re going to be home more and dealing with your own stuff and it’s all just too much for her—you’re not the same man she fell in love with. Her departure throws you into dire financial straits, as it would already be a stretch for you to continue living your lifestyle without a joint income and now that you’re jobless and alone the money is going even faster. Within weeks you’ve sold off most of your belongings and are living in your car. Eventually you even sell that and move in with a surly Vietnam veteran under an overpass. After about a decade of sleeping rough, your immune system is shot, and a bout of Spring flu finally ends your misery on a bus stop bench a couple of blocks from the office you worked at when you let your SSL certificate expire.
- What to Do If A Current SSL Certificate Expired?
- Do I keep the same SSL certificate when renewing SSL?