Code Room
On-callHardoc-g078
Subject Cert expiryLevel Senior–Staff~40 minCommon in Reliability & on-call interviewsIndustries Technology

Question

Your public API's TLS leaf certificate is valid for another 60 days, yet starting at 06:00 a large set of clients — mostly older Android devices and some Java/IoT clients — fail to connect with 'unable to find valid certification path' / 'certificate expired,' while modern browsers and curl work fine. Dashboards: error rate from mobile SDK clients spikes; web traffic is normal; your cert's notAfter is two months out. Recent context: nothing changed on your side, but news mentions a widely-used root/intermediate CA certificate reached its end date overnight. How do you triage and mitigate?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.

Diagram & narrate the incident
Loading whiteboard…
Run or narrate your approach, then ask the coach.