Home Security & Privacy TLS Rotation Playbook

TLS Rotation Playbook Cheat Sheet

Certificates, automation, and alerts

Last Updated: November 21, 2025

Focus Areas

Focus
Monitor expiry dates
Automate renewals and deployments

Commands & Queries

openssl x509 -enddate -noout -in cert.pem
Check expiry
certbot renew --dry-run
Test renewal
kubectl create secret tls tls-secret --cert=cert.pem --key=key.pem
Update secret

Summary

Scheduled TLS rotation avoids unexpected outages.

Related Cheat Sheets

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

Incident Response

Declare incidents, contain, communicate, and learn

Node.js Security

Audit dependencies, configure CSP, and lock env variables

Passwordless Authentication

Deploy magic links, WebAuthn passkeys, and OTP flows

💡 Pro Tip: Link renewals to CI pipelines and rotate multiple dependencies together.

Related Cheat Sheets

Browse all Security & Privacy →

← Back to Security & Privacy | Browse all categories | View all cheat sheets