Back to All Scenarios
PASSEDsecurity / certificate_expiry
SSL Certificate Expired on Production Web Server
The SSL certificate for the main customer-facing website has expired. All HTTPS connections show browser warnings and HSTS-enabled clients cannot connect at all.
Pattern
CERTIFICATE_EXPIRY
Severity
CRITICAL
Confidence
72%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | CERTIFICATE_EXPIRY | CERTIFICATE_EXPIRY | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | N/A | None | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
Nginx reverse proxy. Let's Encrypt certificate expired 2 hours ago. certbot renewal failed silently due to DNS validation error. HSTS max-age: 31536000.
Injected Error Messages (2)
SSL certificate expired — certificate for *.company.com expired 2 hours ago, HSTS enforcement blocking all browser connections, certbot renewal failed: DNS-01 challenge error
API SSL certificate expired — same wildcard cert, all API clients receiving TLS handshake failure, mobile app and third-party integrations broken
Neural Engine Root Cause Analysis
SSL/TLS certificate issue detected — a certificate has expired, is about to expire, has an incomplete chain, or is causing TLS handshake failures. Expired certificates will cause browsers to display security warnings, APIs to refuse connections, and automated integrations to break.
Remediation Plan
1. Identify the affected certificate and check its expiration date using 'openssl s_client -connect host:443' or browser certificate viewer.
2. If expired, renew the certificate immediately through your CA or Let's Encrypt.
3. For chain issues, ensure the full certificate chain (root + intermediate + leaf) is installed correctly.
4. For TLS handshake failures, verify the server supports the required TLS version and cipher suites.
5. Set up automated certificate monitoring and renewal (e.g., certbot auto-renew) to prevent future expirations.
Tested: 2026-04-02Monitors: 2 | Incidents: 2Test ID: cmnhnoo5z000xlig7gwmodh3i