grafclouds.com / documents / insights / training / devops-challenges / nginx-tls-cert-expiry

The Cert Expires Tonight. Just Bump It to a 10-Year Cert?

Beginner ~10 min read
NginxSecurity

Scenario

The TLS certificate on your production nginx expires in a few hours. This is not the team's first brush with it: a previous expiry slipped past unnoticed and caused an outage, and the "process" since then has been a calendar reminder that already failed once last quarter. The endpoint serves both browsers and API clients, so an expired cert breaks humans and integrations at the same time.

The Quick Fix on the Table

A teammate has had enough of the renewal treadmill: generate a self-signed certificate valid for 10 years, install it in nginx, and never think about expiry again. One openssl command, a decade of peace.

Interview · Round 1

The quick fix is on the table and the room is waiting for your call. Would you sign off on it? Take a position and justify it — out loud or on paper — before revealing the analysis.