Introduction

When CDN edge SSL certificates expire, all HTTPS connections through the CDN fail. This causes immediate and widespread service disruption.

Symptoms

- Browser SSL warnings for CDN domain
- curl: "SSL certificate problem: certificate has expired"
- All HTTPS requests failing through CDN
- HTTP requests still working
- Mobile apps unable to connect

Common Causes

- Custom certificate on CDN not renewed
- CDN provider certificate auto-renewal failed
- Certificate uploaded to CDN but not propagated
- Certificate chain incomplete
- CDN not supporting the TLS version required by clients

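Step-by-Step Fix

1. **Check CDN certificate status**:

```bash
# Print the validity dates and subject of the certificate the edge serves for this SNI name
echo | openssl s_client -connect cdn.example.com:443 -servername cdn.example.com 2>/dev/null \
  | openssl x509 -noout -dates -subject
```

2. **Upload new certificate to CDN**:

```bash
# AWS CloudFront (ACM certificates for CloudFront must be in us-east-1)
aws acm request-certificate --region us-east-1 \
  --domain-name cdn.example.com --validation-method DNS
# After validation, update the distribution. update-distribution needs the
# full config and the current ETag, so fetch, edit with jq, and push back.
aws cloudfront get-distribution-config --id E123 > current.json
jq '.DistributionConfig | .ViewerCertificate = {
  "ACMCertificateArn": "arn:aws:acm:...",
  "SSLSupportMethod": "sni-only",
  "MinimumProtocolVersion": "TLSv1.2_2021"
}' current.json > updated.json
aws cloudfront update-distribution --id E123 \
  --distribution-config file://updated.json \
  --if-match "$(jq -r '.ETag' current.json)"
```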

Prevention

- Use CDN-managed certificates with auto-renewal
- Monitor certificate expiration with alerts (30 days)
- Test CDN HTTPS after certificate changes
- Use ACM with CloudFront for automatic renewal
- Implement certificate transparency monitoring
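
One way to implement the 30-day expiry alert from the Prevention list, as an added example that is not part of the original page. The names `classify`, `check_host`, `WARN_DAYS` and the script filename are assumptions made here, and the exit codes follow the common 0/1/2 monitoring-plugin convention.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # alert threshold taken from the Prevention list

def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Classify a notAfter string such as "Jan  5 09:34:43 2018 GMT"
    (the format of `openssl x509 -dates` and ssl.getpeercert()).
    Returns (status, whole days left); days are negative once expired."""
    now = time.time() if now is None else now
    seconds_left = ssl.cert_time_to_seconds(not_after) - now
    days_left = int(seconds_left // 86400)
    if seconds_left <= 0:
        return "EXPIRED", days_left
    if days_left <= warn_days:
        return "WARN", days_left
    return "OK", days_left

def check_host(host, port=443, timeout=5.0):
    """Fetch the certificate the edge serves for `host` (SNI) and classify it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate or incomplete chain fails the handshake,
        # so report the verifier's reason instead of a date.
        expired = exc.verify_code == 10  # X509_V_ERR_CERT_HAS_EXPIRED
        return ("EXPIRED" if expired else "INVALID"), exc.verify_message

if __name__ == "__main__":
    # Usage (hypothetical filename): python check_cdn_cert.py cdn.example.com
    worst = 0
    for host in sys.argv[1:]:
        status, detail = check_host(host)
        print(f"{host}: {status} ({detail})")
        worst = max(worst, 0 if status == "OK" else 1 if status == "WARN" else 2)
    sys.exit(worst)  # 0 OK, 1 WARN, 2 EXPIRED/INVALID
```

Run it from a scheduler against every CDN hostname. Because the default context verifies the chain, an incomplete chain surfaces as `INVALID` before it reaches users.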