Expired certificates look unprofessional and train users to ignore browser warnings.
1. Inventory public hostnames
Include www, apex, and app subdomains.
2. Confirm auto-renew path
Let’s Encrypt / host ACME jobs need working DNS and HTTP challenges.
3. Calendar a manual check
Quarterly: open the site, click the padlock, note expiry.
4. Monitor
Uptime tools that alert on certificate expiry pay for themselves once.
Hosting with Qutzl? We track this. Open a ticket if something looks off.

