One of the most important things a company with a site protected by an SSL certificate should do is keep that certificate up to date. Why is this so important? For what period are SSL certificates issued, and what are the consequences of their expiration?
Length of the validity period
Certificates are not granted indefinitely; they have a specific validity period. These guidelines are constantly being updated. Initially, the period was as long as 5 years. Later, it was reduced to 3 years, and these guidelines remained in place until the beginning of 2018. After that, it was lowered again, and from March 2018 the maximum validity was 2 years. As you can see, the trend is clear, and the changes consistently move toward shorter validity periods. Currently, the validity of SSL certificates is 1 year. However, it is possible to simplify the use of long-term certificates by opting for a 3-year SSL certificate subscription: Multi-year Subscription SSL
Reasons for these restrictions
What prompted this change? The reason for raising these requirements is concern for the greatest possible security of internet users, especially since fraudsters are not idle and are constantly seeking new ways to steal data. When a certificate is issued, depending on its type, the company’s right to use the given domain is verified, along with the accuracy of the company’s details, its legal status, and other information intended to guarantee the entity’s honesty. However, things change quickly, especially on the internet. Individual domains can pass from hand to hand, as can shares in the companies that manage them. Ownership changes introduce new risks into the certification system. This is precisely why a specific validity period has been established for SSL certificates. It’s easy to imagine that if certificates were granted indefinitely, a site, once it had obtained a certificate, could be sold along with that certificate to one subsequent owner after another. Each of them could boast about having a valid certificate, even though their details would not be verified in any way. Requiring periodic renewal is intended to prevent such situations. The more frequently a certificate must be renewed, the more quickly all changes related to a given site will be detected and disclosed by the certifying authority. This significantly increases internet user security and reduces the likelihood of data theft.
Adverse effects
What are the consequences of not having a valid SSL certificate? Virtually all web browsers automatically detect this when attempting to connect to the site, so it becomes very noticeable to every visitor. Upon detecting that the certificate’s validity period has been exceeded, browsers block access to the site and display a large message informing the user that the certificate has expired and the connection is not secure. It’s not hard to guess that showing such a message every time someone tries to enter the site leads to a sharp drop in visitors. Although browsers generally offer the option to ignore this message and proceed to the website anyway, the vast majority of visitors will not do so. This is a very sensible approach, recommended by network security specialists.
Such a situation not only damages the company’s image and undermines trust but can also have direct financial consequences. These will be felt especially by online stores conducting their entire business via the internet. That is why site administrators and owners should be very vigilant in monitoring the validity periods of their SSL certificates.
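One way to automate the monitoring described above, as an added example that is not part of the original article: it classifies a certificate by its validity dates before visitors start seeing the browser warning. The host names, the sample records and the 30-day warning window are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal lead time, not a value from the article


def days_remaining(cert, now):
    """Whole days until notAfter, for a dict shaped like SSLSocket.getpeercert()."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def classify(cert, now, warn_days=WARN_DAYS):
    """Return 'not-yet-valid', 'expired', 'renew-soon' or 'ok'."""
    if now.timestamp() < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not-yet-valid"
    left = days_remaining(cert, now)
    if left < 0:
        return "expired"
    return "renew-soon" if left <= warn_days else "ok"


def check_host(host, port=443, timeout=5.0):
    """Connect with full verification and classify the certificate served."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate already fails verification here, which is
        # the same failure a visitor's browser turns into a warning page.
        return "rejected: " + exc.verify_message


# Constructed sample records in getpeercert() format (not real certificates).
SAMPLES = {
    "shop.example": {"notBefore": "Jan  1 00:00:00 2024 GMT",
                     "notAfter": "Jan  1 00:00:00 2025 GMT"},
    "blog.example": {"notBefore": "Jun  1 00:00:00 2023 GMT",
                     "notAfter": "Jun  1 00:00:00 2024 GMT"},
}

if __name__ == "__main__":
    now = datetime(2024, 12, 15, tzinfo=timezone.utc)  # fixed date for the demo
    for name, cert in SAMPLES.items():
        print(name, classify(cert, now), days_remaining(cert, now))
```

Run on a schedule, check_host() can feed an alert whenever the result is anything other than "ok".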