Skip to content

Add SSL auto-renewal docs (cadence, force-renewal, DNS-01 troubleshooting)#16

Draft
lvangool wants to merge 1 commit into
mainfrom
feature/sup-990-umbrella-docs-gap-ssl-auto-renewal-cadence-warning-email
Draft

Add SSL auto-renewal docs (cadence, force-renewal, DNS-01 troubleshooting)#16
lvangool wants to merge 1 commit into
mainfrom
feature/sup-990-umbrella-docs-gap-ssl-auto-renewal-cadence-warning-email

Conversation

@lvangool
Copy link
Copy Markdown
Member

@lvangool lvangool commented May 20, 2026

Summary

  • Adds a new page security/ssl-auto-renewal.mdx covering:
    • Renewal schedule — the scheduler runs Mon/Thu at 14:00 UTC and attempts renewal within 30 days of expiry.
    • Forcing a renewal — the dashboard "update the certificate config" trick to trigger an immediate attempt outside the scheduled window, with a Let's Encrypt rate-limit caveat.
    • DNS-01 / Cloudflare troubleshooting — proxy/token-scope/CNAME-flattening failure modes and how to verify the _acme-challenge TXT record manually.
  • Adds cross-links from both "renews every 3 months" Callouts in security/ssl.mdx.

Why

On HS #33515 a customer's certificate lapsed and their site started returning 526, with no docs explaining when auto-renewal runs or how to intervene. This was filed as an umbrella gap (SUP-990) listing six concerns; this PR ships the three highest customer-impact items (cadence, force-renewal, DNS-01 troubleshooting). The remaining three (warning-email design, badge semantics, audit-log coverage) were deliberately scoped out as lower-impact / more internal-process detail.

Linear

  • SUP-990 (partial — 3 of 6 items, by design)
  • Originating ticket: HS #33515

Test plan

  • yarn validate:mdx passes
  • New page renders; the renewal-schedule and DNS-01 sections display correctly
  • Both cross-links from ssl.mdx resolve to the new page
  • Confirm the Mon/Thu 14:00 UTC cadence and 30-day window match current platform behaviour before merge

🤖 Generated with Claude Code

@lvangool @claude
Add SSL auto-renewal page (cadence, force-renewal, DNS-01 troubleshoo…
fbdb5c2 
…ting)

Customers had no way to predict when auto-renewal runs, force a renewal
after fixing an upstream issue, or debug DNS-01 failures on Cloudflare-
managed domains. The existing security/ssl.mdx only noted "renews every 3
months". Adds a dedicated security/ssl-auto-renewal.mdx covering the
renewal schedule, the dashboard force-renewal procedure, and the common
Cloudflare/DNS-01 failure modes, plus cross-links from both renewal
Callouts in security/ssl.mdx.

Linear: SUP-990

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@linear
Copy link
Copy Markdown

linear Bot commented May 20, 2026

SUP-990

@lvangool lvangool marked this pull request as draft May 20, 2026 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lvangool