SecOps Automation: Reminder for SSL Certificate Renewal

These days, there is no excuse not to enable HTTPS for your website. In fact, Google mandated it in early 2018. According to the report given by major certificate-issuing authorities, more than 85% of websites are using SSL certificates. However, certificates aren’t perpetual, meaning you’ll eventually need to renew them and do so correctly.

SSL certificates have expiration dates hardcoded into them. Below is an actual SSL certificate issued by AWS, which has a standard expiry period of 398 days, or about 13 months. When certificates expire, web browsers warn their users about your website. The reason SSL certificates expire is to keep your encryption up to date. Because you are required to renew your SSL certificate every year, you’ll always have the latest TLS versions and ciphers. The certificate is a digital passport that checks the authenticity of both the client and the server.

Recently, Microsoft forgot to renew the certificate for its Windows Insider subdomain. There are multiple such examples of service outages caused by SSL expiration: the lengthy 2022 Megaphone podcast outage caused by Spotify failing to renew an SSL certificate, the 2020 Microsoft Teams outage, and even GitHub in 2020, when the site layout broke. Such outages can be costly, both financially and in reputation.

Why do SSL certificates need to be refreshed?

At the most basic level, having an SSL certificate for your business’s website assures customers that they can do business with you more safely.

The world’s financial system depends heavily on the Internet being safe. Many platforms collect sensitive data such as a customer’s private details, bank details, and the like. Security should be prioritized in such cases, and proper measures should be taken to protect the business from intrusion.

There are two main reasons why limited-length certificates are necessary:

  1. Renewing your certificate validates your website’s identity.
  2. It makes sure the encryption is up to date, which keeps the user’s data secure during transit.

The catch, in this case, is that web server admins must be aware of when an SSL certificate expires and must renew it on or before that time.

What Happens If My SSL Certificate Expires?

If you forget to renew the SSL protection, your website will display an error on the user’s browser stating that the certificate is not valid.

This can cause disrepute and distrust among your customers. For all intents and purposes, without a valid SSL certificate your visitors have no assurance that you hold a serious, genuine intent of doing business, which reduces visitors’ response to your site and translates into fewer leads.

How to Renew your SSL certificate?

Depending on the certificate-issuing authority, you can follow the given steps to renew your SSL certificate after you get a renewal email. For example, see DigiCert’s renewal steps. To review certificates issued for your domain, you can search on censys.io.

You can add the issued certificates to AWS Certificate Manager (ACM) for better management. For self-signed certificates or the ones issued by the Amazon certificate authority (CA), ACM must verify that you own or control all of the domains that you specified in your request. You can perform verification using either email or DNS.

unSkript’s automation for SSL renewal reminder

We recounted some major businesses that faced outages just because they forgot to renew their SSL certificates. To avoid such a perilous situation, unSkript’s automation for Checking SSL Renewal Expiry may come in handy. It checks the certificate’s expiry date, and if the certificate expires in less than 30 days, you will be sent a reminder on Slack to renew it.

You can try it out in our open-source Awesome-CloudOps-Automation repository on GitHub.
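The check described above (read the expiry date, remind on Slack when fewer than 30 days remain) can be sketched with the Python standard library. This is an added example, not unSkript's own code; the function names, message wording, host and webhook URL are assumptions and placeholders.

```python
import json
import socket
import ssl
import urllib.request
from datetime import datetime, timezone

THRESHOLD_DAYS = 30  # reminder window stated in the article

def days_until_expiry(not_after, now=None):
    """Whole days between `now` and a certificate's notAfter string, in the
    format getpeercert() returns, e.g. 'Jun  1 12:00:00 2025 GMT'."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def fetch_not_after(host, port=443, timeout=5):
    """Return the notAfter field of the certificate served by host:port.
    An already expired certificate fails verification in the handshake and
    raises ssl.SSLCertVerificationError, which the caller treats as urgent."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def build_reminder(host, days_left, threshold=THRESHOLD_DAYS):
    """Slack message payload if the certificate is inside the window, else None."""
    if days_left >= threshold:
        return None
    if days_left < 0:
        return {"text": f":rotating_light: Certificate for {host} has EXPIRED."}
    return {"text": f":warning: Certificate for {host} expires in {days_left} days. Renew it now."}

def check_and_notify(host, webhook_url):
    """Check one host and post to a Slack incoming webhook when a reminder is due."""
    try:
        payload = build_reminder(host, days_until_expiry(fetch_not_after(host)))
    except ssl.SSLCertVerificationError as exc:
        payload = {"text": f":rotating_light: Certificate for {host} failed verification: {exc.verify_message}"}
    if payload:
        req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                     headers={"Content-Type": "application/json"})
        urllib.request.urlopen(req, timeout=5)
    return payload

if __name__ == "__main__":
    # Placeholder host and webhook URL (assumptions); replace with your own.
    print(check_and_notify("example.com", "https://hooks.slack.com/services/REPLACE/ME"))
```

Run it from a daily scheduler against each hostname you serve, so a missed renewal email is still caught inside the 30-day window.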
