A real-world view: How expired certificates can cause service downtime and financial losses

Last updated: December 2024

Website downtime can have severe financial implications for businesses and organizations. According to a 2024 study, the average cost of a single minute of downtime has grown from $5,600 to around $9,000. 

Certificate expiry is one of the leading causes of website downtime. According to Keyfactor’s 2024 PKI and Digital Trust Report, respondents experienced an average of three outages caused by expired certificates over the past 24 months. The report also revealed that it takes 2.6 hours to identify the root cause of an outage and an additional 2.7 hours to remediate the issue. Based on the earlier calculation of $9,000 per minute, this means the average outage costs approximately $2,862,000.

To shine a light on the importance of proactively monitoring your company’s certificate inventory in order to avoid costly downtime, we’ve compiled a list of high-profile companies whose oversights unfortunately led to big losses.

1. Expired certificates: A cascade of problems

a) Shopify: An expired root certificate made its way into a staging environment, risking a production deployment. Fortunately, a deployment freeze prevented it from reaching the live environment.

b) Microsoft: The expiration of the WinGet CDN’s SSL/TLS certificate impacted package installations and upgrades, affecting users’ experience and productivity.

c) Microsoft and Spotify: An expired certificate disrupted the Windows 11 Clock app’s Spotify integration, rendering it non-functional.

d) Starlink: Over several hours, Starlink experienced downtime due to an expired certificate, affecting its satellite internet services.

2. Widespread impact

a) Windows Insider: The expiration of a certificate resulted in the temporary unavailability of the Windows Insider program, disrupting the testing and feedback loop.

b) Spotify: An expired certificate caused a service outage on Megaphone, Spotify’s podcast platform, hindering content distribution and listener engagement.

c) LinkedIn: The expiry of a country subdomain SSL certificate impacted the accessibility and security of LinkedIn services.

3. Government systems and critical infrastructure

a) US Government: 80 certificates expired, leading to many US government websites being inaccessible.

How Red Sift can help

With the right solution, certificate expiry is one of the simplest problems to fix. Proactive monitoring can help organizations identify expiring certificates ahead of time, allowing them to renew or replace them before they cause disruptions. By avoiding website downtime, businesses can mitigate the financial costs associated with outages and ensure uninterrupted services for their users. Establishing robust certificate management practices is an essential part of maintaining a secure and reliable online presence in today’s digital world.

Red Sift’s Hardenize monitors your certificates and notifies you if they’re about to expire, proactively avoiding downtime. Crucially, we also monitor the certificates of third-party services your sites rely on, helping you avoid problems via dependencies and services you don’t control directly. Finally, via Certificate Transparency, we observe all the world’s certificates as they are issued in real-time. We automate analysis of these discoveries so that you can ignore those that are known and compliant, but focus your attention on misissued certificates.

To learn more about certificate expiry issues that could lead to expensive downtime, watch our recent webinar “Stop downtime caused by expiring certificates“.

PUBLISHED BY

Billy McDiarmid

6 Jul. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

From concept to market leader: Reflecting on the development of Red Sift…

Rahul Powar

Following Red Sift OnDMARC being featured in 18 reports in G2’s Spring 2025 Report, CEO Rahul Powar shares his thoughts on the innovation behind the product—and what’s driving its continued momentum in the fight against phishing and Business Email Compromise (BEC). When I founded Red Sift, my goal was to make proactive cybersecurity accessible…

Read more
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more