An analysis of the provided images reveals multiple vulnerabilities; however, the most critical one, and the one for which remediation tools are provided, is the expired SSL/TLS certificate. The certificate shown was only valid until July 19, 2018, which breaks the chain of trust for the website and exposes users to potential man-in-the-middle attacks.

The correct procedure to remediate an expired certificate involves four main steps.

1. First, a new Certificate Signing Request (CSR) must be generated on the web server.
2. This CSR is then submitted to a trusted Certificate Authority (CA) for verification and signing.
3. Once the CA issues the new certificate, it must be installed on the server to replace the expired one.
4. Finally, as a cleanup measure, the old, expired certificate can be removed.

National Institute of Standards and Technology (NIST) Special Publication 800-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, Section 3.3.1. This document outlines the process for server certificate validation, which includes checking the certificate's validity period. An expired certificate fails this check and must be replaced. The renewal process follows the standard lifecycle of generating a CSR, obtaining a new certificate from a CA, and installing it.

Microsoft Documentation, "Renew an Internet Information Services (IIS) Web Server Certificate," TechNet Library. This official vendor documentation details the standard workflow for certificate renewal. The process explicitly lists creating a renewal request (CSR), submitting the request to a CA, and installing the received certificate on the server, which directly corresponds to the first three steps of the solution.

RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Section 4.1.2.5. This standard specifies the validity field in an X.509 certificate, which defines the period during which the CA warrants that it will maintain information about the status of the certificate. Operating with a certificate outside this period is a violation of the PKI trust model.