These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown

We like to think of ourselves as nerds here at TechCrunch, which is why we’re bringing you this.

During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights up your browser with “HTTPS” or flashes a padlock, had expired on many domains. And because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown, there isn’t any.

Depending on the security level, most websites will kick back browser errors. Some won’t let you in at all until the expired certificate is renewed.

We got thinking: How many of the major departments and agencies are at risk? We looked at the list of government domains (not including subdomains) from 18F, the government’s digital services unit, which updated the list just before the shutdown. Then we filtered out all the state domains, leaving just the domains of all federal agencies and the executive branch. We put all of those domains through a bash script that pulls information from the TLS certificate of each domain and returns its expiry value. Running that for a few hours in another bash script, we returned with a few thousand results.

In other words, we poked every certificate to see if it had expired — and, if not, when it would stop working.

Why does it matter? Above all else, it’s an inconvenience. Depending on how long this shutdown lasts, it won’t take long before some of the big federal sites might start throwing errors and locking users out. That could also affect third-party sites and apps that rely on those federal sites for data, such as through a developer API.

Security, however, is less of a factor, despite claims to the contrary. Eric Mill, a security expert who recently left 18F, the government’s digital agency, said that fears over expired certificates have been overblown.

“The security risk to users is actually very low, since trusting a recently expired cert doesn’t in and of itself allow traffic to be intercepted,” he said in a recent tweet. Mill also noted that there’s little automation across the agencies, leading to certificates expiring and eventual downtime — especially when sites and departments are understaffed, especially given that each federal agency and department is responsible for their own website.

There’s a silver lining. Any website that’s hosted on cloud.gov, search.gov or federalist.18f.gov won’t go down as they rely on Let’s Encrypt certificates that automatically renew every three months.

We’ve compiled the following list of domains that have and will expire during the period of the shutdown, from December 22 onwards — while removing dead links and defunct domains that no longer load. Some domains redirect to other domains that might have a certificate that expires next year, but the first domain will still fail on its expiry date.

Remember, if you see a domain that’s working past its expiry, check the certificate and it’s likely been renewed. If you see any errors, feel free to drop me an email.

In all, we’ve counted five expired federal domains already, 13 domains will expire by the end of the month and another 58 domains will expire by the end of February.

Expired:

disasterhousing.gov — December 28 (restored)

landimaging.gov — January 3

earthsystemprediction.gov — January 11 — the National Earth System Prediction Capability

manufacturing.gov — January 14 — a portal for national manufacturing initiatives (restored)

nationalhousinglocator.gov — January 16 (restored)

Expiring in January:

scidac.gov — January 23

ginniemae.gov — January 23

reportband.gov — January 23

mojavedata.gov — January 26

congressionaldirectory.gov — January 30 — a redirect to the directory of Congress

congressionalrecord.gov — January 30 — another redirect to the congressional record

fdsys.gov — January 30

housecalendar.gov — January 30 — a redirect pointing hosting the House calendar

presidentialdocuments.gov — January 30 — Compilation of Presidential Documents

senatecalendar.gov — January 30 — a redirect to the Senate calendar

uscode.gov — January 30

donaciondeorganos.gov — January 30

www.fishwatch.gov — January 30

Federal domains that will expire by mid-February

ferc.gov — February 1 — Federal Energy Regulatory Commission

askkaren.gov — February 1

befoodsafe.gov — February 1 — a redirecting link to the Department of Agriculture

foodsafetyjobs.gov — February 1

isitdoneyet.gov — February 1

pregunteleakaren.gov — February 1

www.democraticleader.gov — February 2 — website of the House majority leader

majorityleader.gov — February 2 — redirecting link to the House majority’s page

www.democraticwhip.gov — February 2 — website of the Congressional Democratic whip

majoritywhip.gov — February 2 — redirecting link to Democratic whip’s page

llnl.gov — February 2 — Lawrence Livermore National Laboratory

moneyfactory.gov — February 6

federalregister.gov — February 7 — the Federal Register

wlci.gov — February 7

fedrooms.gov — February 10

floodsmart.gov — February 10 — the National Flood Insurance Program

www.casl.gov — February 11

geoplatform.gov — February 12 — the U.S. Geospatial Platform

fatherhood.gov — February 13

eeoc.gov — February 13 — the Equal Employment Opportunity Commission

www.faa.gov — February 13 — the Federal Aviation Administration

grants.gov — February 15

indianaffairs.gov — February 15 — Department of the Interior’s Indian Affairs bureau

jusfc.gov — February 15

Federal domains that will expire by the end of February

bia.gov — February 18 — another link to Indian Affairs

presidentialinnovationfellows.gov — February 18

usich.gov — February 18

cdfifund.gov — February 18

home.treasury.gov — February 18 — the end domain to the U.S. Treasury homepage

financialstability.gov — February 18

fsoc.gov — February 18

irsauctions.gov — February 18

irssales.gov — February 18

makinghomeaffordable.gov — February 18

mha.gov — February 18

sigtarp.gov — February 18

treas.gov — February 18

ustreas.gov — February 18 — a redirect to the U.S. Treasury

capnhq.gov — February 19 — another redirect link to the U.S. Treasury

fdicseguro.gov — February 19

sftool.gov — February 21

nlm.gov — February 21 — the National Library of Medicine

bea.gov — February 22

opioids.gov — February 22 — the White House’s page on the opioids epidemic

jamesmadison.gov — February 24

usitc.gov — February 24 — the U.S. International Trade Commission

arctic.gov — February 25

inspire2serve.gov — February 26

usaspending.gov — February 26

sec.gov — February 26 — the Securities and Exchange Commission

everytrycounts.gov — February 27

abandonedmines.gov — February 27

malwareinvestigator.gov — February 28 — the FBI’s malware analysis site

va.gov — February 28 — Department of Veterans Affairs

code.gov — February 28 — Code.gov for Sharing America’s Code

All information was accurate as of January 17. Edited at 3:30pm ET by deleting citizenscience.gov and everykidinapark.gov as these are known to be domains with auto-renewing certificates.