Skip to content

A public API went down because its TLS certificate expired. Beyond renewing it, what's the durable fix?

Short answer

Manual renewals fail, so engineer the problem away with automated ACME renewal plus expiry monitoring that alerts days in advance. A calendar reminder is the manual process that already failed once. A long-lived self-signed cert breaks public trust and violates modern lifetime limits (CAs cap validity at ~398 days, dropping further). Disabling TLS trades an availability blip for a catastrophic confidentiality and integrity loss.

A certificate expiry outage is rarely a one-off — it's a symptom that the organization depends on a human remembering to do a chore. The durable fix is to remove the human from the critical path.

Why automation plus monitoring wins

ACME (RFC 8555, the protocol behind Let's Encrypt and most modern CAs) lets you automatically request, validate, install, and renew certificates with no manual steps. Pair it with independent expiry monitoring that alerts days in advance, because automation itself can fail silently — a renewal job that errored, a reload that didn't pick up the new cert. Belt and suspenders: the renewal does the work; the monitor proves it worked. This is the only option that addresses the root cause rather than the symptom.

Why the distractors are wrong

  • Calendar reminder for next year. This is the manual process that just failed. It depends on the right person being present, paying attention, and acting — and it has a one-year feedback loop, so the next failure is another year of risk away.
  • 10-year self-signed certificate. A self-signed cert isn't trusted by public clients, so the API would throw certificate errors for everyone. It also flatly violates the modern ecosystem: public CAs cap validity around 398 days and the industry is driving it down toward ~47 days, precisely because short lifetimes force automation and limit exposure from key compromise.
  • Disable TLS. Removing encryption to dodge expiry is trading a brief availability blip for permanent loss of confidentiality and integrity — credentials and data exposed in plaintext, ripe for interception and tampering. This is the most dangerous answer.

What the interviewer is probing

They want systems thinking: you don't just fix the incident, you eliminate the class of incident. Strong candidates name ACME explicitly, insist on independent monitoring as a safety net, and show they understand why certificate lifetimes are shrinking — that automation is now the expected baseline, not a nice-to-have.

Likely follow-ups

  • Why have CAs and browsers been shortening maximum certificate lifetimes?
  • How would your monitoring catch a renewal that silently failed?
  • What's your rollback or failover plan if an automated renewal pushes a bad cert?

Sources

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.