Event types
Expiry, validation, and certificate-change events are grouped by severity so teams can decide which channels receive early reminders, final-window warnings, critical failures, and review events.
- Use expiry thresholds for renewal planning and urgent deadlines.
- Use validation failures for broken or untrusted public serving state.
- Use certificate-change events when public certificate metadata deserves review.
| Event type | When it appears | Common severity |
|---|---|---|
| Expiry warning | Certificate crosses a configured threshold such as 30, 14, 7, 3, or 1 day. | Early to urgent based on window. |
| Expired | The served certificate is past its Not After date. | Critical. |
| Validation failure | Hostname mismatch, untrusted chain, active-window, parse, or other validation problem. | Critical for customer-facing endpoints. |
| Certificate change | Issuer, SANs, serial, fingerprint, validity, chain depth, or validation state changed after a successful check. | Review unless paired with a validation failure. |
| Delivery failure | A configured channel failed, retried, or became dead-lettered. | Operational cleanup for the alert path. |