[adrukh]

Yeah, that won't fly on my app right now because I only want it to notify you about an SSL cert that is both being served by some publicly-reachable host AND is about to expire soon.

A cert that was issued, found on CT, and expires tomorrow? Who knows, if it isn't served by any host/LB, let it expire, right?

[xoudini]

Well, just letting it expire would certainly halt local development at <dayjob> until renewing. The primary reason for this is that some integrations require TLS for callbacks, so we have a local reverse proxy serving everything with TLS enabled. Hence, it's just more pragmatic to run the dev environment with TLS enabled all the time: no need to modify configurations and reset the browser cache when moving between a TLS and non-TLS setup.

I do get emails from the CA reminding me to renew a month or so before expiry, and the certificate hasn't been revoked as of yet, but it'd be useful to be alerted regarding the latter, were it to happen.