From 5aeaa7450816d902d2ea3851eba9d9385ed71942 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Tue, 11 Nov 2025 18:44:21 +0000 Subject: [PATCH] Document how soon-to-expire SSL certs are reported Closes gh-45564 --- .../antora/modules/reference/pages/actuator/endpoints.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc b/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc index 596aa7351c0..0591b0dfc42 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc @@ -673,8 +673,8 @@ with the `key` listed in the following table: TIP: You can disable them all by setting the configprop:management.health.defaults.enabled[] property. TIP: The `ssl` javadoc:org.springframework.boot.actuate.health.HealthIndicator[] has a "warning threshold" property named configprop:management.health.ssl.certificate-validity-warning-threshold[]. -If an SSL certificate will be invalid within the time span defined by this threshold, the javadoc:org.springframework.boot.actuate.health.HealthIndicator[] will warn you but it will still return HTTP 200 to not disrupt the application. -You can use this threshold to give yourself enough lead time to rotate the soon to be expired certificate. +You can use this threshold to give yourself enough lead time to rotate the soon-to-be-expired certificate. +If an SSL certificate will become invalid within the period defined by this threshold, the javadoc:org.springframework.boot.actuate.health.HealthIndicator[] will report this in the details section of its response where `details.validChains.certificates.[*].validity.status` will have the value `WILL_EXPIRE_SOON`. Additional javadoc:org.springframework.boot.actuate.health.HealthIndicator[] beans are available but are not enabled by default: @@ -1257,7 +1257,7 @@ The `info` endpoint publishes information about your process, see javadoc:org.sp [[actuator.endpoints.info.ssl-information]] === SSL Information -The `info` endpoint publishes information about your SSL certificates (that are configured through xref:features/ssl.adoc#features.ssl.bundles[SSL Bundles]), see javadoc:org.springframework.boot.info.SslInfo[] for more details. This endpoint reuses the "warning threshold" property of javadoc:org.springframework.boot.actuate.ssl.SslHealthIndicator[]: if an SSL certificate will be invalid within the time span defined by this threshold, it will trigger a warning. See the `management.health.ssl.certificate-validity-warning-threshold` property. +The `info` endpoint publishes information about your SSL certificates (that are configured through xref:features/ssl.adoc#features.ssl.bundles[SSL Bundles]), see javadoc:org.springframework.boot.info.SslInfo[] for more details. This endpoint reuses the "warning threshold" property of javadoc:org.springframework.boot.actuate.ssl.SslHealthIndicator[] (configprop:management.health.ssl.certificate-validity-warning-threshold[]). If an SSL certificate will be invalid within the time span defined by this threshold, its status will be `WILL_EXPIRE_SOON` in the xref:api:rest/actuator/info.adoc#info.retrieving.response-structure.ssl[SSL section] of the endpoint's response.