# SSL: certificate expired: certificate has expired

- **ID:** `nginx/ssl-certificate-expired`
- **Domain:** nginx
- **Category:** config_error
- **Verification:** ai_generated
- **Fix Rate:** 95%

## Root Cause

The SSL certificate file loaded by nginx has passed its expiration date, causing TLS handshake failures.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| nginx 1.24.0 | active | — | — |
| nginx 1.22.1 | active | — | — |
| nginx 1.20.2 | active | — | — |

## Workarounds

1. **Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.** (95% success)
   ```
   Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.
   ```
2. **Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.** (90% success)
   ```
   Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.
   ```
3. **Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`** (90% success)
   ```
   Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`
   ```

## Dead Ends

- **** — Session cache does not affect certificate validation; the handshake will still fail. (90% fail)
- **** — Protocol versions do not bypass certificate expiration; the certificate is still invalid. (95% fail)
- **** — Self-signed certificates will also expire and cause the same error if not renewed. (70% fail)