Runbooks
← Runbooks

TLS certificate rotation

Version 2026.02.0 · 2 checklist steps

Overview

Prefer staged rollout and monitoring on handshake failures.

Edge certs or internal mTLS rotation without user-visible errors.

Step checks

  1. 1

    Inventory

    SANs, expiry, automation vs manual renewals.

  2. 2

    Rollout

    Deploy to canary → full; watch cert expiry and alert noise.