A SaaS company did the responsible thing: it moved every TLS certificate from manual yearly renewals to automated issuance with Let's Encrypt and certbot, ahead of the industry's shrinking renewal windows. Forty-five days later a certificate expired anyway, killed by a broken Python dependency nobody saw fail. Five days after that, a second one expired on a bad AWS IAM role. This case study, based on a real Generator Labs customer deployment with identifying details removed, is about the gap between running renewals and verifying them.

What's Inside

  • The Migration: why yearly manual renewals had to go, and what replaced them
  • Two Expiries in the First Fifty Days: a dependency failure and a permissions failure, neither visible to the renewal tooling
  • Verify the Outcome, Not the Process: independently checking the certificate a real client receives
  • Since Day 51: two more misconfigurations caught before they became outages, zero outages since

Download the case study for the full timeline, or see how Certificate Monitoring backstops the renewals your automation is supposed to make.

Back to Resource Library