By Samson Tanimawo, PhD. Published Apr 26, 2026.

The TLS Certificate Rotation Automation

Cert expiry incidents are 100% preventable. This is the automation that catches expiring certs and rotates them without human action.

Detection

Daily scan: certs expiring in <30 days. Alert and queue.

Catches manual certs that nobody owns.

Rotation

ACM and cert-manager handle most cases. Auto-renew on validation.

Manual certs: convert to ACM/cert-manager when you find them.

Verification

After rotation: probe the endpoint; verify the served cert.

Monitoring continues; catches deployment issues.
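
The daily scan from Detection and the post-rotation probe from Verification, sketched in Python as an added example (not the author's tooling). The hostnames, the inventory shape and the fingerprint comparison against the newly issued cert are assumptions.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=30)  # the "<30 days" window used by the daily scan

# Constructed sample data: hypothetical hostnames, same dict shape as getpeercert().
NOW = datetime(2026, 4, 26, tzinfo=timezone.utc)
INVENTORY = {
    "api.example.internal": {"notAfter": "May 10 12:00:00 2026 GMT"},
    "legacy.example.internal": {"notAfter": "Apr 30 00:00:00 2026 GMT"},
    "www.example.internal": {"notAfter": "Sep  1 00:00:00 2026 GMT"},
}


def not_after(cert: dict) -> datetime:
    """Expiry of a cert dict as returned by SSLSocket.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)


def expiring(inventory: dict, now: datetime) -> list:
    """Detection: names expiring within THRESHOLD (or already expired), soonest first."""
    due = sorted((not_after(cert), name) for name, cert in inventory.items())
    return [name for expiry, name in due if expiry - now < THRESHOLD]


def fetch_served(host: str, port: int = 443, timeout: float = 5.0):
    """Probe the endpoint with full chain and hostname validation.

    Returns (parsed cert dict, SHA-256 hex digest of the served DER cert).
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeercert(), hashlib.sha256(der).hexdigest()


def rotation_took_effect(served_fp: str, issued_fp: str, served_cert: dict, now: datetime) -> bool:
    """Verification: the endpoint serves the newly issued cert and it is outside the window."""
    return served_fp == issued_fp and not_after(served_cert) - now >= THRESHOLD


if __name__ == "__main__":
    print(expiring(INVENTORY, NOW))  # names to alert on and queue for rotation
```

A fingerprint mismatch after rotation means the endpoint is still serving the old cert, which is the deployment issue the continued monitoring is meant to catch.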