Container TLS/SSL certificate expiration

Description

Check for expiring TLS certificates in containers by advancing the system clock forward one day, one week, and one month. Detect certificates that will expire before they cause outages.

What this Scenario does

This Scenario advances the system clock within your containers forward by one day, one week, and one month. This triggers certificate validation logic and reveals any TLS/SSL certificates that will expire within those time windows—especially important for containers where certificates may be mounted as secrets or baked into images.

Why run this Scenario?

  • Proactively identify expiring certificates in containerized services before they cause outages.
  • Test certificate rotation automation for certificates mounted as container secrets or volumes.
  • Verify that container-level monitoring detects upcoming certificate expirations.
  • Identify containers using baked-in certificates that won't benefit from automated rotation.

Expected outcome

If a TLS certificate expires without renewal, the containerized service fails gracefully and alerts trigger immediately.

Target
Containers
Containers
Experiments
Time Travel
Time Travel
Preview
Runtime:  
5 minutes