SSL certificates always expire on the worst day

There is a special kind of outage that you set up for yourself, months in advance, and then forget about completely. The certificate expiry. One morning HTTPS stops working, every browser throws a frightening warning, and your perfectly healthy servers are serving an error nobody can click past.

What makes it worse is that it was entirely predictable. A certificate has an expiry date printed on it. The outage was on a calendar you were not looking at.

Why it hurts more than it should

An expired certificate does not degrade gracefully. The site does not get slow, it gets blocked. Browsers refuse the connection outright, and to your users it looks like your whole company went offline. The fix is simple once you know, renew and deploy, but the clock is running the whole time, while customers stare at a security warning with your name on it.

The renewal you assumed was automatic

Most teams assume auto-renewal has them covered, and often it does, right up until the one certificate that was set up by someone who left, or the internal service nobody automated, or the renewal that quietly failed three weeks ago. Automation is great. Automation you never verify is just an assumption wearing a badge.

Watch the date, not just the response

Vigiles tracks certificate expiry, issuer, and validity on a schedule, and warns you well before the date, not on it. You find out you have two weeks left while it is still a calendar item, instead of finding out at zero while it is an outage.

A certificate outage is the easiest one to prevent and the most embarrassing to suffer. Start free, or see how monitoring works.