SSL renewal checklist your team can reuse every quarter

Certificate expiry still causes preventable outages. A lightweight checklist keeps renewals boring—in a good way.

1. Inventory every hostname and SAN before renewal windows.
2. Confirm ACME automation or vendor renewal alerts fire to a staffed channel.
3. Stage renewal on staging that mirrors cipher suites and chain.
4. Verify HTTP Strict Transport Security and redirects after deployment.

Store validation artifacts with the ticket so auditors can trace what shipped.