
Respond to expired/expiring certificates

This document describes how to respond to expired certificates, or certificates about to expire.

A certificate in this instance is a TLS certificate, created and managed using either Gandi or AWS Certificate Manager.

How will I know if a certificate is about to expire?

Certificates that are about to expire will be flagged in the Certificate Alerts Google Group.

The message will appear in the following format:

Certificate for [domain] is about to expire. Please renew it.

What actions do I take?


If the certificate is managed by Gandi, you should follow the Renew a Gandi certificate

AWS Certificate Manager

This should be an automated process, and no action should be required.

What if I don’t know what to do?

If you’re not sure what to do, or you’re not sure if the certificate is managed by Gandi or AWS, you should ask the team in the #operations-engineering Slack channel.

What if I don’t have access to Gandi or AWS?

If you don’t have access to Gandi or AWS, you should ask the team in the #operations-engineering Slack channel.

This page was last reviewed on 8 January 2025. It needs to be reviewed again on 8 April 2025 by the page owner #operations-engineering-alerts.