What You Should Do
When you come across a bad SSL certificate there are one of three things that could be happening: the SSL certificate has timed out and the website has not renewed it with a CA yet, you are seeing an untrusted self-signed certificate, or you are seeing a self-signed certificate produced by a MITM attack.
The first thing you should always do is take a look at the certificate's date and the issuer information. If the certificate comes from a CA, the company information matches the website you are viewing, and the renewal date is passed then you can safely click the "Approve" button. If the certificate announces itself as self-signed and all of the contact information matches the credentials of the website you are viewing, then you can safely click the "Approve" button.
However, if you have used that website before in the past and there is no mention of them changing their self-signed certificate than you should be wary of your connection, especially if you are on a public network.
Finally, if you are on a public network and you are visiting a major website, like Facebook or Google Mail, and you receive an SSL certificate where the information does not match the website you are visiting, your connection is being intercepted and stripped of encryption. The only thing you really can do is close your web browser and access the website from a more secure, private location.