CertKitA 2024 PKI survey found organizations averaged 3 certificate outages over 24 months. In almost every case, the certificate renewed fine.
Distribution is where it fell apart.
https://www.certkit.io/blog/certificate-distribution-is-the-last-mile #PKI #infosec
Certificate distribution is the last mile nobody solved
Certbot solved certificate issuance. It's great at that. The hard part is everything that happens after: getting the certificate file to every server that needs it, in the right format, with the right permissions, and confirming each one is actually serving it. Nobody handed you a solution for that.