Has anyone else faced the frustrations of dealing with expiring certificates? I've been paged on a Sunday morning because a cert expired, and it was a total mess trying to figure out who owned it. After getting burned too many times, I've created a tool to help us manage certs better, focusing on real-world challenges we sysadmins face. This tool supports public domains, keystores, internal mTLS certs, and integrates with Azure and HashiCorp Vault. It also includes features for tagging, ownership, environment grouping, and expiry alerts. I'm really curious about how others are handling their internal certs, automation scripts, and what manual processes you might have in place.
5 Answers
Right now, we just handle everything manually because it hasn’t reached a point where automation is prioritized. Sure, it’s a tedious task, but sometimes that’s just the cost of doing business.
Honestly, it’s 2025, so there’s no reason not to have certs that auto-renew every few months. We’re all talking about getting on the ACME protocol bandwagon. Sure, there are legacy appliances that can’t handle auto-renewal yet, but that’s just poor planning if you ask me!
I’m all about automation! I usually use Let's Encrypt and don't think about it anymore unless there's an issue. So, if you haven't automated your certs yet, what are you waiting for?
Automating certificate management is key! It works great for websites, but complications can arise with older software or appliances that require certs in specific formats. Plus, some systems won’t accept a keystore created externally, which adds to the headaches. I suggest starting cert rotations a good 90 days before expiration. Trust me, once it gets under 30 days, it's panic time. Some teams think they can push back, but you really have to be assertive about it. Keep the pressure on until everything is sorted out.
We try to monitor everything as much as we can. It’s a huge pain when certs don’t auto-rotate, especially with our app gateway. Our workaround is a bit manual, but it gets the job done for now. I’ve seen automatic monitoring tools like Nagios or Zabbix work wonders, too. Getting alerts way ahead of time helps avoid those "Oh crap, the cert expired!" moments.