by WirelessGigabit 1218 days ago
I solve this by certificate expiration monitoring and renewing the certificate at the 60 day mark.

The expiration warning is configured so that it starts to yell at me if it passes that timeframe.

That gives me plenty of time to fix it IF it goes wrong.

2 comments

In your case, "something breaks in your automation" might mean that, by the time the cert is (about to be) in need of renewal, the notifications you set up are now going to an email account that doesn't exist any more, because you left, the department got re-orged, and...
If "monitoring" is set up as "send email to specific personal mailbox" then things are gonna suck a lot.
I was more imagining that it was going to an email account called e.g. "devops@"; and then when you left (possibly very quickly, e.g. via termination), the need for the continuity of that account was forgotten, because it had never become institutional knowledge; and then during a reorg, a new group (= email distribution list) was created to match the new department name; with nobody remembering to forward devops@ to the new address, because it wasn't receiving emails anybody needed to see on any sort of consistent basis, only these once-in-a-blue-moon emails.
That's one reason why nobody who knows what they're doing relies (solely) on email for monitoring. You use a monitoring solution, and if that whole system gets "forgotten" then there are bigger problems anyway.
The same can happen if you assign it to the team's mailbox; reorganizations happen at all levels.
Of course it "can happen". Anything "can happen". It's about mitigating risk by picking a strategy. In this case, from worst to better: personal mailbox -> team mailbox -> an actual monitoring solution and not friggin emails.
And how do you ensure your monitoring keeps working?
Alert on missing data. Keep a continuous stream coming in.
Set up 365.25 domains and have one renew every day!
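
An added example, not part of the thread or any commenter's code: a check that combines the renewal-mark alert from the original post with the "alert on missing data" advice, so a dead probe raises an alert instead of staying silent. It assumes the 60 day mark means certificate age, a probe that records one sample per day, and hypothetical names (`evaluate`, `sample`, `MAX_SILENCE`); the sample data is constructed.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_AT_DAYS = 60                  # renewal mark from the post, read as cert age
MAX_SILENCE = timedelta(hours=26)   # assumption: daily probe plus some slack

def cert_time(value):
    """Parse a 'notBefore'/'notAfter' string as found in ssl getpeercert() output."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)

def evaluate(samples, now):
    """samples: dicts with 'checked_at' (aware datetime), 'notBefore', 'notAfter'.
    Returns a sorted list of alert names; an empty list means healthy."""
    if not samples:
        return ["NO_DATA"]          # the probe never reported: alert, don't assume OK
    latest = max(samples, key=lambda s: s["checked_at"])
    alerts = []
    if now - latest["checked_at"] > MAX_SILENCE:
        alerts.append("NO_DATA")    # the stream of samples stopped
    # Judge the last known certificate against *now*, so a dead probe
    # cannot hide an overdue renewal or an expiry.
    if now >= cert_time(latest["notAfter"]):
        alerts.append("EXPIRED")
    elif now - cert_time(latest["notBefore"]) > timedelta(days=RENEW_AT_DAYS):
        alerts.append("RENEWAL_OVERDUE")
    return sorted(alerts)

def utc(year, month, day, hour=0):
    return datetime(year, month, day, hour, tzinfo=timezone.utc)

def sample(checked_at):
    """Constructed sample: a 90-day certificate issued on 2024-01-01."""
    return {"checked_at": checked_at,
            "notBefore": "Jan 01 00:00:00 2024 GMT",
            "notAfter": "Mar 31 00:00:00 2024 GMT"}

if __name__ == "__main__":
    cases = [
        ("fresh probe, cert 40 days old", [sample(utc(2024, 2, 10, 6))], utc(2024, 2, 10, 12)),
        ("fresh probe, cert 64 days old", [sample(utc(2024, 3, 5, 6))], utc(2024, 3, 5, 12)),
        ("probe silent since Feb 10", [sample(utc(2024, 2, 10, 6))], utc(2024, 3, 5, 12)),
        ("probe silent, cert expired", [sample(utc(2024, 2, 10, 6))], utc(2024, 4, 2)),
        ("probe never reported", [], utc(2024, 2, 10)),
    ]
    for label, samples, now in cases:
        print(f"{label}: {evaluate(samples, now) or 'healthy'}")
```
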