[koolba]

A better approach is to have an automated alert for certificates that are expiring soon (next X days) then sending out an alert. Or even better, switch to automatically rotating certs on a regular basis via letsencrypt.

Rotating certs is like restoring backups, if you only do it when shit hits the fan (server crashed or cert expired), you're doing it wrong.

[y0ghur7_xxx]

> Rotating certs is like restoring backups, if you only do it when shit hits the fan (server crashed or cert expired), you're doing it wrong.

you restore backups even if the server is still ok? why?!

[mattkirman]

How do you know if your backups are good? Better to test a restore when everything is still working fine rather than waiting until you really need it and then finding out that your backups are broken.