A year ago today I had a significant outage on the Rennug classifieds because I missed renewing the SSL certificates in a timely fashion, then misconfigured sign on servers without a complete chain of certs. I am embarrassed to admit that I did this again when the certificates expired this year.
I’ve switched to a Let’s Encrypt style certificate. This has several advantages, but the most important here is that the renewal and installation become 100% automated. While I am human and prone to failure, the machines will not miss a renewal, and will configure themselves.
This makes the server side of the process much more similar to the browser side. No one has to stop and think “is my browser certificate up to date?”. It just happens. The same should now be true of the servers for me.
My apologies for the inconvenience, and thank you for using the site!