Welcome to the CrtMgr Blog
Explore our expert insights on SSL/TLS certificate management, security best practices, and deployment guides. Learn everything you need to know about managing certificates effectively.
Latest Articles
How to Share Certificate Monitoring Links in CrtMgr: Private vs Public Access
You’ve set up certificate monitoring, you have alerts configured, and everything looks good on your side. Now your client calls asking whether their certificate is still valid. You either go look it up and relay the information, or — if you’re thinking ahead — you already have a link ready to send them that shows exactly that, updated in real time, without giving them access to anything else in your account.
Tutorial Collaboration Security CrtMgr Access ControlRead more →How to Add a New Website for Certificate Monitoring in CrtMgr
You know that sinking feeling when a client emails you saying their site shows a certificate warning? Or worse — when you find out via a support ticket that your own production API has been returning SSL errors for the past three hours? Both situations have the same root cause: nobody was watching the certificate.
Adding a site to CrtMgr takes under a minute, and once it’s in there, you get automatic expiration tracking, configurable alerts, and a historical record of every scan. This guide walks through the process step by step — from first login to your first alert configured and ready to fire.
Tutorial Monitoring SSL CrtMgr Certificate ManagementRead more →Code Signing Certificate Validity Reduction Starting March 1, 2026
Imagine setting a calendar reminder for something three years in the future. That’s been the reality for code signing certificate management — buy a cert, file the paperwork, set a reminder, forget about it until the renewal notice arrives. That era ends on March 1, 2026.
Starting then, new code signing certificates max out at 1 year (398 days). That 3-year cert you were planning to renew in 2028? Fine — existing certs remain valid. But the next one you buy will last one year. And the one after that. This isn’t a temporary policy; it’s the industry converging on shorter lifespans across all certificate types, and you’ll want to be operationally ready before the date arrives.
Code Signing Security Certificates Compliance DevOpsRead more →SSL/TLS Certificate Validity Shortening: 200, 100, and 47 Days - What It Means for Administrators
Here’s a thought experiment: imagine your organization manages 50 domains. Today, you renew each certificate roughly once a year. Not great, but manageable. Now imagine being told those certificates will expire every 47 days. That’s not a thought experiment — it’s where the industry is heading, and the timeline is shorter than most teams realize.
SSL/TLS certificate validity periods have been shrinking for a decade, each reduction driven by real security rationale. But for administrators and DevOps teams, the practical impact is the same regardless of the reason: more renewals, more automation requirements, and zero tolerance for the “set it and forget it” approach that still works today. This article breaks down what’s coming, when, and — more importantly — how to get ahead of it.
SSL TLS Security Monitoring Automation DevOpsRead more →Case Study: Certificate Automation in E-commerce Company
What does it actually cost to ignore certificate management? For one mid-sized e-commerce company, the answer turned out to be $47,000 in a single afternoon — plus a weekend of cleanup nobody wanted to spend.
This is the story of a team that went from 3-4 certificate incidents per year and 40 hours of monthly manual work, to zero incidents and near-full automation in about four months. The tools aren’t exotic: cert-manager for Kubernetes, Certbot for legacy servers, and a monitoring stack that actually caught problems before users did. What changed was the commitment to treat certificate management as infrastructure, not an afterthought.
SSL Case Study Automation E-commerce DevOpsRead more →SSL Certificate Monitoring with Prometheus and Grafana
Ask any engineer who’s dealt with an expired certificate in production and they’ll tell you the same thing: the alert that matters is the one that fires before everything breaks, not the PagerDuty that wakes you up at 3 AM. SSL certificate expiration is completely predictable — you know the exact moment it expires from day one — yet it remains one of the most common causes of avoidable outages.
SSL Monitoring Prometheus Grafana DevOps ObservabilityRead more →SSL/TLS Troubleshooting Guide - Practical Solutions
It’s 3 AM. PagerDuty fires. Your checkout page is down. You SSH in, check Nginx — it’s running fine. Then you notice it:
NET::ERR_CERT_DATE_INVALID. The certificate expired six hours ago. Everyone’s been asleep. Sales have been zero for six hours.Sound familiar? Certificate problems are among the most common causes of unexpected downtime, and they’re almost entirely preventable. This guide is the field manual I wish I’d had: practical diagnosis, concrete fixes, and enough context to understand why these problems happen — not just how to patch them this time.
SSL TLS Troubleshooting Certificates HTTPSRead more →Wildcard SSL/TLS Certificates - Best Practices and Pitfalls
Here’s a scenario that plays out more often than it should: a team deploys a wildcard certificate to cover their 50 microservice subdomains, saves themselves a ton of cert management overhead, and feels pretty clever about it. Then one developer’s laptop gets compromised. Suddenly, that single private key issue becomes a potential exposure across every single subdomain in production.
Wildcard certificates solve real problems — but they introduce real risks too. This guide is about knowing when to reach for a wildcard and when to step back and think twice. We’ll cover the good use cases, the security considerations, and the DNS-01 challenge mechanics that make automated wildcard issuance possible.
SSL TLS Wildcard Security Certificates DNSRead more →Automating SSL Certificates in Kubernetes with cert-manager
Let me paint a picture you might recognize: you have 15 Kubernetes clusters, 300 Ingress resources, and a shared spreadsheet tracking certificate expiration dates. Every 90 days, someone from the ops team spends a morning running through that spreadsheet, logging into clusters, renewing certs manually, and praying nothing breaks. One day they’re on vacation. One cert gets missed. Production is down for 45 minutes before anyone figures out why.
cert-manager exists to make that entire scenario impossible. It’s a native Kubernetes controller that treats certificates as first-class resources — declarative, automated, and integrated directly with your Ingress. Once you’ve set it up, certificate renewal happens silently in the background, and that spreadsheet becomes a piece of history.
Kubernetes cert-manager Automation Let's Encrypt SSL DevOpsRead more →How to Effectively Monitor SSL/TLS Certificates and Avoid Unplanned Downtime
Expired SSL/TLS certificates are one of the most common causes of unplanned outages for web applications. Research shows even large organizations fall victim to this problem, losing user trust and generating financial losses. This guide covers SSL/TLS certificate monitoring and automation of certificate management processes.
Why Certificate Monitoring is Critical
When an SSL/TLS certificate expires, serious consequences follow. Users see frightening browser warnings about insecure connections. Traffic drops by 70-80% as users abandon the site after seeing warnings. For e-commerce, this means direct sales losses. Customer and business partner trust erodes. APIs break, disrupting mobile apps and external integrations. Google lowers rankings for sites with expired certificates.
SSL TLS Monitoring Automation Let's Encrypt ACME ManagementRead more →