PASSED | security / certificate_expiry

Kubernetes TLS Secret Expired — Ingress Broken

The TLS secret used by the Kubernetes ingress controller has expired. All ingress routes are returning TLS errors.

Pattern: CERTIFICATE_EXPIRY
Severity: CRITICAL
Confidence: 72%
Remediation: Auto-Heal

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | CERTIFICATE_EXPIRY | CERTIFICATE_EXPIRY
Severity Assessment | CRITICAL | CRITICAL
Incident Correlation | N/A | None
Cascade Escalation | N/A | No
Remediation | Auto-Heal — Corax resolves autonomously

Scenario Conditions

Kubernetes 1.29. Nginx ingress controller. TLS secret 'prod-tls' in namespace 'default'. cert-manager renewal failed due to DNS solver permissions. All 12 ingress routes affected.

Injected Error Messages (1)

Kubernetes TLS secret expired — secret 'prod-tls' certificate expired, nginx ingress returning 'SSL: error:0A000086', cert-manager renewal failed: dns01 solver permission denied, 12 routes affected

Neural Engine Root Cause Analysis

SSL/TLS certificate issue detected — a certificate has expired, is about to expire, has an incomplete chain, or is causing TLS handshake failures. Expired certificates will cause browsers to display security warnings, APIs to refuse connections, and automated integrations to break.

Remediation Plan

1. Identify the affected certificate and check its expiration date using 'openssl s_client -connect host:443' or browser certificate viewer.
2. If expired, renew the certificate immediately through your CA or Let's Encrypt.
3. For chain issues, ensure the full certificate chain (root + intermediate + leaf) is installed correctly.
4. For TLS handshake failures, verify the server supports the required TLS version and cipher suites.
5. Set up automated certificate monitoring and renewal (e.g., certbot auto-renew) to prevent future expirations.

Tested: 2026-04-02 | Monitors: 1 | Incidents: 1 | Test ID: cmnhnoo5z000zlig7dtth7cip