TLS / HTTPS · Check

SSL certificate expires in under 30 days — set up automated renewal

A 30-day expiry window is normal for short-lived certs but should always be renewed automatically — manual renewals tend to slip past holidays and PTO. Confirm an ACME or managed-cert workflow is running, and document which system (CDN vs origin) owns issuance.

Real-world risk

Operational risk accumulates as the renewal window shrinks; chained mistakes become outages.

Fix steps (in order)

Schedule renewal before automated jobs might fail (holidays, key rotation).
Document which system owns issuance (CDN vs origin) to avoid split-brain certs.

Topic explainer

TLS versions explained: 1.0, 1.1, 1.2, 1.3 and what to disable →

What's actually different between TLS 1.0, 1.1, 1.2, and 1.3 — cipher suites, forward secrecy, performance — and which versions to disable for compliance and security.

Verify the fix in 30 seconds

Run a Scorifya scan on the affected host after deploy. The same finding id (cert_expiring_month) clears once the externally-observable signal is in place.

Run a free scan Methodology