TLS / HTTPS · Check

SSL certificate expires in under 7 days — what to do right now

When a certificate has fewer than seven days left, the renewal window is too tight to absorb a normal failure (DNS propagation, ACME validation issues, weekend deploys). Renew immediately and verify both staging and production picked up the new cert before the old one expires.

Real-world risk

A failed renewal or deployment slip can cause a hard outage with little buffer; attackers may notice the window.

Fix steps (in order)

Renew early and verify staging + production both got the new cert.
Automate renewal and alert when lifetime drops below your SLO (e.g. 30 days).

Topic explainer

TLS versions explained: 1.0, 1.1, 1.2, 1.3 and what to disable →

What's actually different between TLS 1.0, 1.1, 1.2, and 1.3 — cipher suites, forward secrecy, performance — and which versions to disable for compliance and security.

Verify the fix in 30 seconds

Run a Scorifya scan on the affected host after deploy. The same finding id (cert_expiring_soon) clears once the externally-observable signal is in place.

Run a free scan Methodology