• Three system events are expected for SSL certificate expiration at 30, 7, and 1 days prior to expiry. However, the 30-day SSL Certificate Expiry alert do not trigger, and therefore no notification will be generated for that timeframe.

• Avi Load Balancer
• Affected Version: 30.x ,31. x. 32.1.x

• Due to bug, Alert scheduling for certificates may occur at a later configured warning threshold rather than the earliest applicable one.

Temporary Workaround:

Add an additional warning day earlier than the first configured warning day in the alert notification settings. This helps ensure that alerts are triggered at the expected time, you would use the following commands:

[:]:>configure controller properties
[:]: >controllerproperties> ssl_certificate_expiry_warning_days 45
[:]: >controllerproperties> save

After this configuration, the ssl_certificate_expiry_warning_days would include the new values. For example, the configuration in version 31.2 would appear as:

Field    Value
ssl_certificate_expiry_warning_days[1]    45 days
ssl_certificate_expiry_warning_days[2]    30 days
ssl_certificate_expiry_warning_days[3]    7 days
ssl_certificate_expiry_warning_days[4]    1 days

• Please note that default value of 30,7,1 cannot be changed. It is important to note that the Avi Load Balancer will prevent reducing the number of ssl_certificate_expiry_warning_days entries below three, ensuring a minimum level of notification.

Permanent Fix: 

The issue will be permanently fixed on version 32.2.1