SSL Pulse report
👋 Hello from the SSL Pulse team! Our mission is to make the web better by defeating this:
That's what the users see when they visit a website with an expired SSL certificate. But why do SSL certificates expire at all?
In brief, it's for security reasons. Secure connections between browser and server are used to send "sensitive" information, for example passwords and credit card numbers. Regular renewal of certificates helps CAs such as Symantec or Comodo make sure that all active SSL certificates meet the latest security standards and really belong to their legitimate owners. For example, if all SSL certificates were issued for 20 years, half of the Internet would be using 10-year-old security standards.
Unless the hosting provider rotates the SSL certificate automatically, it's the website owner who requests a new certificate from a Certificate Authority and installs it on the web server.
What percentage of websites expire?
Not all sites require a certificate to operate. For our research, we chose only those websites that depend on SSL and whose certificate expired in December.
Websites that were not fixed within 5 days we treat as "abandoned" (i.e. SSL is not crucial for their business).
We consider only those websites that were fixed on time, that is, within 5 days after expiration.
About 18 thousand websites had a certificate expiring in January 2021. More than 1% of websites didn't renew in time.
How does this affect the users and the business?
One way to find out how impactful an outage was is to estimate the number of affected website visitors using the public data from https://rankchart.org:
How long does it take to fix an expired certificate?
After the expiration, we scan the domain several times and save the issue date of the new certificate. This is how the outage duration is distributed:
Who had the longest outage?
Surprisingly, the longest outages happened to the "enterprise-level" websites (lower-right corner of the scatter plot above). Was it because the domain was not core for their business? Or have they recently switched to another domain and only had a redirect on the expired one?
It appeared that ¾ of the longest expirations happened on Friday, Saturday or Sunday. This explains the outage length: the staff of those big companies was not available over the weekend.
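The measurement described above (outage length from the old certificate's expiry to the replacement's issue date, the 5-day "abandoned" cut-off, and the Friday-to-Sunday check), as an added example that is not SSL Pulse's own code. The function names, the sample dates and the fallback to scan time when the replacement was issued before the expiry are assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

ABANDONED_AFTER = timedelta(days=5)  # the report's cut-off for "abandoned"
WEEKEND = {4, 5, 6}                  # Friday, Saturday, Sunday (Monday is 0)

def cert_time(text):
    """Parse an X.509 time as Python's ssl module prints it ('Jan  8 12:00:00 2021 GMT')."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def measure_outage(old_not_after, scans):
    """scans: (scan time in UTC, served certificate as a getpeercert()-style dict)."""
    expired_at = cert_time(old_not_after)
    result = {"status": "abandoned", "outage": None,
              "weekend_expiry": expired_at.weekday() in WEEKEND}
    for seen, cert in sorted(scans, key=lambda s: s[0]):
        if cert_time(cert["notAfter"]) <= seen:
            continue                      # still serving an expired certificate
        issued = cert_time(cert["notBefore"])
        # The report's measure is the new certificate's issue date. If it was
        # issued before the old one expired but installed late, that date says
        # nothing about the outage, so fall back to the first scan that saw it
        # (an assumption of this example).
        fixed_at = issued if issued > expired_at else seen
        result["outage"] = fixed_at - expired_at
        if result["outage"] <= ABANDONED_AFTER:
            result["status"] = "fixed"
        break
    return result

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample data, not taken from the report.
OLD_NOT_AFTER = "Jan  8 12:00:00 2021 GMT"   # 8 January 2021 was a Friday
STILL_EXPIRED = {"notBefore": "Jan  8 12:00:00 2020 GMT", "notAfter": OLD_NOT_AFTER}
RENEWED = {"notBefore": "Jan 11 09:30:00 2021 GMT", "notAfter": "Jan 11 09:30:00 2022 GMT"}
PREISSUED = {"notBefore": "Jan  5 00:00:00 2021 GMT", "notAfter": "Jan  5 00:00:00 2022 GMT"}

SCANS_RENEWED = [(utc(2021, 1, 9, 12), STILL_EXPIRED), (utc(2021, 1, 12, 12), RENEWED)]
SCANS_LATE_INSTALL = [(utc(2021, 1, 9, 12), STILL_EXPIRED), (utc(2021, 1, 15, 12), PREISSUED)]

if __name__ == "__main__":
    for name, scans in [("renewed", SCANS_RENEWED), ("late install", SCANS_LATE_INSTALL),
                        ("never fixed", SCANS_RENEWED[:1])]:
        print(name, measure_outage(OLD_NOT_AFTER, scans))
```

With sparse scans the fallback value is only an upper bound on the outage, since the replacement may have been installed at any point between two scans.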
Expirations by Alexa Rank
Alexa Internet is an American web traffic analysis company that provides web traffic data and global rankings on over 30 million websites. We've been monitoring SSL certificates of top 1M websites for a few months, and most of the outages that we detected happened to the websites with Alexa Ranks less than 250 000.
The exception is probably just the top 30K websites, where we can fit a linear regression. And still, even within the top 5K websites, there are expired ones.