Code Room
On-callMediumoc-g299
Subject Cert expiryLevel Mid–Senior~35 minCommon in Reliability & on-call interviewsIndustries Technology

Question

Your service connects OUTBOUND to a bank partner's API using a client certificate the partner issued you for mTLS. At 00:00 UTC all calls to the partner start failing with TLS handshake errors; the partner's logs (they shared) say 'client certificate expired.' Your monitoring watches the partner's SERVER cert expiry and the partner's endpoint is healthy and serving. Your own public-facing leaf certs are all fine and freshly renewed. The partner integration has worked untouched for a year. How do you triage and mitigate?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.

Diagram & narrate the incident
Loading whiteboard…
Run or narrate your approach, then ask the coach.