High severity · Vercel

Expired SSL certificate on Vercel

Your SSL certificate is expired or expires within 30 days. Expired certs make your site unreachable in every major browser — users see a full-screen security warning they cannot dismiss on many browsers. The fix depends on your host. Managed platforms (Vercel, Cloudflare, Netlify) renew automatically and this should not happen — if it does, the auto-renewal broke (usually a DNS misconfiguration). Self-hosted Let's Encrypt certs renew via certbot.

The fix for Vercel

Vercel

Vercel auto-renews. If a cert expired, check: (1) domain still points to Vercel (DNS CAA records, CNAME); (2) domain is still added in Vercel dashboard. Remove and re-add the domain to trigger reissuance.

Why it matters

An expired cert is the single most visible outage your users will see. Conversion to zero. SEO takes a hit. Monitoring that catches this before expiry is essential.

Confirm the fix worked

Scan your Vercel site to confirm this finding is gone.

AI prompt

Apply across your codebase

Paste this into Cursor, Lovable, Bolt, v0, or Claude Code.

My SSL certificate is expired. Tell me what host I'm on (check DNS CNAME or A records for signatures like *.vercel-dns.com, *.cloudflare.com, *.netlify.app). Walk me through the specific renewal steps for that host. Then set up monitoring so I get an alert 14 days before expiry next time — use Better Stack, Uptime Kuma, or similar.

FAQ

Frequently asked questions

How long are modern certs valid?
Most Let's Encrypt and managed certs are 90 days. Commercial certs up to 13 months. Shorter is better — auto-renewal is the only sane way.

Related fix guides

Fix these too

Weak SSL cipher

TLS 1.0, TLS 1.1, or weak ciphers like RC4 or 3DES are vulnerable. Here is how to force modern TLS on Vercel, Cloudflare, and self-hosted servers.

Read more

Mixed content warnings

Loading HTTP resources from an HTTPS page breaks the security guarantee. Browsers block most of it automatically now — here is how to fix the rest.

Read more

Missing HSTS header

HSTS tells browsers to always use HTTPS for your site. Without it, users can be downgraded to HTTP and have sessions stolen. Here is how to add HSTS on Vercel, Next.js, and other hosts.

Read more

Concepts

Glossary

SSL / TLS

The encryption protocols that power HTTPS. TLS 1.2 and 1.3 are current; older versions are deprecated.

Read more

Free tools

Spot-check this

SSL checker

Certificate validity, TLS version, and cipher strength — in 10 seconds.

Read more