Photo: free stock photography (Unsplash licence) — see imprint
It is not a warning, it is a wall
An expired certificate does not show a small notice. Modern browsers put a full-page interstitial in front of your shop and most visitors will simply leave — and quietly conclude that you were hacked.
Automate renewal, then verify the automation
Automatic renewal is normal now, which is exactly why it fails silently: a changed DNS record or a blocked path breaks it, and nobody notices until day 90. Monitoring the actual certificate is not optional just because renewal is automated.
Monitor from outside, alert to a human
Check the live certificate from the public internet, alert at 21 and 7 days, and send it to a channel a human actually reads — a chat channel, not a shared inbox nobody owns.
Do not forget the others
Your shop is not the only endpoint with a certificate. The API, the staging system, the mail server, the ERP connection — each one can expire and take a workflow down with it.
- An expired cert blocks the shop, it does not warn.
- Automated renewal still needs external monitoring.
- Certificates exist on APIs and mail servers too.
We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.
Talk to an engineer