SSL Certificate Is About To Expire
Description
The server is using a TLS/SSL certificate that is approaching its expiration date. TLS/SSL certificates have a defined validity period, and once expired, they are no longer considered trustworthy by clients. This issue may affect the server's leaf certificate or any intermediate certificate in the chain.
When a certificate expires, browsers display prominent security warnings to users, and automated systems typically refuse connections entirely. This can result in service disruption and loss of user trust. The certificate serial number in the alert details identifies which specific certificate in the chain is nearing expiration.
Remediation
Renew the expiring TLS/SSL certificate before it reaches its expiration date. Follow these steps:
1. Identify the expiring certificate: Review the certificate serial number provided in the alert details to determine whether the server certificate or an intermediate certificate is expiring.
2. Generate a Certificate Signing Request (CSR): Create a new CSR with the same or updated information as your current certificate.
3. Request renewal from your Certificate Authority: Submit the CSR to your CA (e.g., DigiCert, Let's Encrypt, Sectigo) to obtain a renewed certificate. Many CAs offer automated renewal processes.
4. Install the new certificate: Replace the expiring certificate on your server before the expiration date. Ensure the complete certificate chain is properly installed.
5. Verify the installation: Test the new certificate using SSL testing tools to confirm proper installation and validity.
6. Implement automated monitoring: Set up alerts to notify you 90, 60, and 30 days before certificate expiration to prevent future issues. Consider using automated certificate management solutions like Let's Encrypt with ACME clients for automatic renewal.
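A minimal version of the monitoring in step 6, as an added example that is not part of the original advisory: it applies the 90/60/30-day tiers to certificate dicts shaped like the output of Python's `ssl.SSLSocket.getpeercert()` and reports each finding by serial number, as in step 1. The function names, the sample chain, and its serial numbers and dates are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

THRESHOLDS = (30, 60, 90)  # alert tiers from step 6, tightest first

def days_remaining(cert, now):
    """Whole days until notAfter; cert is shaped like ssl.SSLSocket.getpeercert()."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).days  # floors, so any time past notAfter is negative

def alert_tier(days):
    """Return 'expired', the tightest tier reached (30, 60 or 90), or None."""
    if days < 0:
        return "expired"
    return next((t for t in THRESHOLDS if days <= t), None)

def check_chain(certs, now=None):
    """Return (serialNumber, days_left, tier) for each certificate needing action."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for cert in certs:
        days = days_remaining(cert, now)
        tier = alert_tier(days)
        if tier is not None:
            findings.append((cert["serialNumber"], days, tier))
    return findings

def fetch_leaf(host, port=443, timeout=5):
    """Fetch the leaf certificate from a live server.
    The default context validates the chain, so an already expired certificate
    raises ssl.SSLCertVerificationError instead of returning a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample chain (serial numbers and dates are made up).
SAMPLE_CHAIN = [
    {"serialNumber": "0A1B2C3D", "notAfter": "Jan 21 00:00:00 2025 GMT"},
    {"serialNumber": "4E5F6071", "notAfter": "Mar 15 00:00:00 2025 GMT"},
    {"serialNumber": "8293A4B5", "notAfter": "Jan  1 00:00:00 2027 GMT"},
    {"serialNumber": "C6D7E8F9", "notAfter": "Dec 25 00:00:00 2024 GMT"},
]

if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for serial, days, tier in check_chain(SAMPLE_CHAIN, fixed_now):
        print(f"serial={serial} days_left={days} tier={tier}")
```

`fetch_leaf` returns only the leaf certificate, so intermediate certificates have to be supplied to `check_chain` from your own certificate inventory.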