Politics aside, the U.S. government shutdown is having a negative effect on government websites and government website security due to expired SSL certificates.
As Netcraft reports, “Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. federal shutdown. These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S. Department of Justice, and the Court of Appeals.”
Many government websites are not being updated during the shutdown, and many have banners to this effect.
In many cases, government websites’ SSL certificates have expired and have not been renewed. Forgetting to renew an SSL certificate is an issue that can easily affect any website, so it’s important to understand the consequences of an expired SSL certificate for your website.
What happens if a website has an expired SSL certificate?
First of all, the visitor will get a warning like one of these:
These are frightening warnings, and are likely to cause most visitors to leave your site. Imagine how many sales you can lose due to this type of error on your e-commerce website. If a visitor does choose to bypass the error, they can still visit your website. However, their interactions with your website will not be secure.
Up-to-date SSL certificates also protect your visitors from “man in the middle” attacks. If you do not renew your SSL certificate on time, your website may become vulnerable to this kind of attack.
This article explains how even high-profile, well-known websites have let their SSL certificates expire in the past, and what happened. In one of the worst cases, Equifax was unaware of a security breach for over 2 months due to the outage.
How can you renew your expired SSL certificate?
Many hosting companies offer free Let’s Encrypt SSL certificates, and often renew them automatically. If this is the case for yours, great! You won’t need to do anything else. In some situations, such as when you want PCI compliance for your website, you might prefer to use a paid certificate, purchased through your host or directly from a Certificate Authority. In that case, your host or the Certificate Authority may renew it for you if you have automatic renewals and a payment method enabled through your account. Otherwise, make a note of your certificate’s expiration date and set yourself a reminder to renew it. Set your reminder for a few days prior to the expiration date. That gives you time to renew the certificate and reinstall it if necessary.
Where can you find your SSL certificate’s expiration date?
Simply click on the padlock icon in your browser, click “more information”, and see your expiration date.
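The expiration check and the reminder described above can also be automated. The script below is an added example, not part of the original article: it reads a site's certificate expiration date over TLS and flags it once it falls inside a reminder window. The 7-day window and the function names are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

REMIND_DAYS = 7  # assumed reminder window; the article only says "a few days"
X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate


def expiry_status(not_after, now, remind_days=REMIND_DAYS):
    """Classify a certificate from its notAfter string,
    e.g. 'Jan 12 12:00:00 2019 GMT' (the format getpeercert() returns)."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    remaining = expires - now
    if remaining <= timedelta(0):
        return "EXPIRED", remaining.days
    if remaining <= timedelta(days=remind_days):
        return "RENEW NOW", remaining.days
    return "OK", remaining.days


def check_host(host, port=443, now=None):
    """Connect with normal certificate verification and report expiry status."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return expiry_status(tls.getpeercert()["notAfter"], now)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake, which is the
        # same failure a visitor's browser turns into a warning page.
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "EXPIRED", None
        raise


if __name__ == "__main__":
    # Usage: python check_cert.py example.com another.example
    for host in sys.argv[1:]:
        status, days = check_host(host)
        suffix = f" ({days} days left)" if days is not None else ""
        print(f"{host}: {status}{suffix}")
```

Run it from a daily scheduled job against your own hostnames so that a "RENEW NOW" result arrives before visitors ever see a warning.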
Again, leaving all political debate out of the question, let’s hope our government gets back to work soon so we can feel safe using government websites again.