So SagePay has made one of the largest errors a payment processor could make. It has failed to renew it’s SSL certificate. Users trying to make payment on merchant websites that used SagePay would have been met by expired certificate warnings.

Technically users could just continue to the website and the connection would still be secure and encrypted. However your average user would most likely have headed off “Back to safety” as the Chrome warning would suggest.

SagePay has some big apologies to make especially given the complaints on twitter.

Way to go #sagepay – I still don’t feel safe using you on my sites!twitpic.com/9dzla6

— Curt Maybury (@curtmaybury) April 26, 2012

I do feel a little bit sorry for Amy Monro the PR lady at SagePay. She is doing her best to answer those twitter complaints

@liam_martin Hi Liam, that message has occurred by error. The certificate is still valid and in date. Thanks

— Amy Monro (@Amy_SagePay) April 26, 2012

However perhaps she needs a little education on SSL certificates. She is claiming the certificate is valid and in date and that this is an admin error. The certificate is clearly not valid! It is possible they have already renewed the SSL certificate and simply failed to replace the existing certificate on their website. If this is the case it is an easy 2 minute fix. However since the problem remains ongoing I suspect nobody has even started the renewal process. In fact I can confirm that nobody must have started the renewal process until after the certificate had expired. If you check the certificate now it was issued on 26 April 2012 01:00 BST.

So a few final tips for SagePay (and anyone else using SSL certificates).

• SSLs are only valid for a fixed period of time, just like domain registrations.
• If you renew an SSL you have to replace the current certificate with the new one.
• You can renew up to 90 days BEFORE your current certificate expires.
• Buy your SSL from ServerTastic because we could save you loadsa money!