# SSL 证书已过期：证书已过期

- **ID:** `nginx/ssl-certificate-expired`
- **领域:** nginx
- **类别:** config_error
- **验证级别:** ai_generated
- **修复率:** 95%

## 根因

Nginx 加载的 SSL 证书已超过有效期，导致 TLS 握手失败。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| nginx 1.24.0 | active | — | — |
| nginx 1.22.1 | active | — | — |
| nginx 1.20.2 | active | — | — |

## 解决方案

1. ```
   Renew the certificate using Let's Encrypt or your CA: `sudo certbot renew --nginx` or manually replace the certificate files and reload nginx: `sudo nginx -s reload`.
   ```
2. ```
   Check the certificate expiration date: `openssl x509 -in /etc/nginx/ssl/cert.pem -noout -dates`. If expired, obtain a new certificate.
   ```
3. ```
   Set up automated renewal with a cron job: `0 0 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx`
   ```

## 无效尝试

- **** — Session cache does not affect certificate validation; the handshake will still fail. (90% 失败率)
- **** — Protocol versions do not bypass certificate expiration; the certificate is still invalid. (95% 失败率)
- **** — Self-signed certificates will also expire and cause the same error if not renewed. (70% 失败率)