Certificate Rotation
The SSL certificate on the EC2 box running the API needs to be rotated every 90 days to maintain secure connections.
Critical Maintenance Required
If the certificate is not rotated before expiration:
- User logins will start to fail
- Embeds will not load properly
- API connections will be rejected by browsers
- Users will see security warnings
Instance Details
EC2 Instance: curie-prod-rest-api
Rotation Process
Run the following commands on the EC2 instance:
sudo certbot renew
sudo systemctl restart nginx.service
Verification
After rotation, verify the certificate is working:
sudo certbot certificates
check curie.app login
Monitoring
Set up alerts 30 days before certificate expiration to ensure timely renewal.