The SSLNudge blog
Practical guides on SSL/TLS certificates — checking expiry, fixing errors, and never getting caught out by a renewal again.
9 min read
How to renew an SSL certificate: a step-by-step guide
How to renew an SSL/TLS certificate with Let's Encrypt, certbot, Nginx, Apache, AWS ACM, and Windows IIS — plus how long renewal takes, how often to do it, and how to automate it so it never lapses.
8 min read
SSL vs TLS: what's the difference (and why we still say 'SSL certificate')
SSL and TLS explained: what each protocol is, the version history from SSL 2.0 to TLS 1.3, the real differences, and why the certificates are still called 'SSL certificates' even though everything uses TLS today.
7 min read
Check an SSL certificate with OpenSSL: the complete command reference
A practical OpenSSL command reference for SSL/TLS certificates: check a live site, read a .pem or .crt file, decode a CSR, verify the chain, match a key to a cert, list SANs and expiry, and convert formats.
7 min read
'SSL handshake failed': what causes it and how to fix it
The TLS/SSL handshake fails for a handful of predictable reasons — a protocol or cipher mismatch, an expired or untrusted certificate, an SNI problem, clock skew, or a missing intermediate. Here is how to diagnose and fix each one.
9 min read
Self-signed certificates: what they are, when to use them, and how to create one
What a self-signed certificate is, how it differs from a CA-issued one, when it is appropriate (and when it is a security risk), how to generate one with OpenSSL, and how to trust it on your own machines.
8 min read
Wildcard SSL certificates explained (and when to use one)
What a wildcard SSL certificate covers, the single-level subdomain limitation, how it compares to multi-domain (SAN) certificates, the security trade-offs of one key across many hosts, and how to get one free.
9 min read
'Your connection is not private': why a certificate isn't trusted and how to fix it
Browsers show 'your connection is not private' when they can't trust a certificate. The cause is usually a missing intermediate, an untrusted or self-signed root, an expired cert, a name mismatch, or a wrong system clock. Here is how to find and fix each.
8 min read
How long is an SSL certificate valid? The shrinking certificate lifespan
Public SSL/TLS certificates max out at 398 days today, and the CA/Browser Forum has voted to cut that to 47 days by 2029. Here is the current limit, the timeline ahead, why lifespans keep shrinking, and what it means for you.
8 min read
How to get alerted before your SSL certificate expires
Stop finding out about expired certificates from your users. Here are five ways to get alerted before an SSL/TLS certificate expires — from cron + openssl to automated monitoring.
7 min read
How to check an SSL certificate’s expiration date (5 ways)
Check any SSL certificate’s expiry date using openssl, your browser, curl, an online checker, or automated monitoring. Copy-paste commands for every method.
6 min read
Your SSL certificate expired: what it means and how to fix it
What an expired SSL certificate actually means, why browsers block the site, how to fix it fast, and how to make sure it never happens again.
7 min read
How to monitor internal and private SSL certificates
Internal services, private PKI and mutual TLS certificates expire too — and they’re easy to forget. Here’s how to keep track of certificates that aren’t exposed to the public internet.
9 min read
The SSL certificate chain explained (and how to debug chain errors)
Leaf, intermediate and root certificates, how the chain of trust works, and how to debug the “unable to verify the first certificate” errors caused by a missing intermediate.
10 min read
SSL certificate monitoring: the complete guide
Why certificate monitoring matters, what to actually check beyond the expiry date, how often to check, and how to set up alerts that reach the right people in time.