agent hive
Join the Waitlist

IT OPS

Cloudflare edge TLS expiry sentry: page on certs nearing expiration

Scans every Cloudflare edge and custom certificate on a schedule and pages on-call plus posts to Slack when any cert is within the renewal window.

CategoryIT Ops
Enginesim
Difficultybeginner
Triggerschedule
Steps5
Setup~5 min

How it runs

The automated pipeline, trigger to output.

  • TriggerTwice-daily schedule fires
  • ActionList edge and custom certificates from CloudflareCloudflareCloudflare
  • LogicFilter to certs inside the expiry threshold
  • ActionOpen PagerDuty incident per at-risk certPagerDutyPagerDuty
  • OutputPost expiring-cert summary to SlackSlack

What it does

Watches the expiration date of every TLS certificate Cloudflare serves for your zones — universal SSL, advanced, and uploaded custom certs. When any certificate falls inside your warning window it raises a PagerDuty incident and drops a Slack note with the hostname, issuer, and days remaining.

When to use it

Use it when an expired edge certificate would break customer traffic and you cannot rely on auto-renewal alone (custom uploaded certs, pending validation, or DCV stuck on a CNAME). It gives the team a hard lead time to act before browsers start throwing errors.

How it works

  1. 1A schedule runs the check twice daily.
  2. 2List all certificate packs and custom certificates for each configured zone via the Cloudflare API.
  3. 3A logic step computes days-to-expiry for each cert and keeps only those inside the threshold (default 14 days).
  4. 4If nothing is expiring soon, the run ends.
  5. 5For each at-risk cert, trigger a PagerDuty incident tagged with the hostname and expiry date.
  6. 6Post a consolidated Slack message listing every expiring cert and its remaining days.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
  2. 2
    Connect PagerDutyIncidents, on-call, escalations.
  3. 3
    Connect SlackChannels, DMs, threads, mentions.
  4. 4
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  5. 5
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  6. 6
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Indoor Air Quality Breach to Tenant Notice and Work Order

Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.

Self-Service Reclaim Email for Idle Users

Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Outlook Room Double-Booking Resolver with Auto-Rebook

Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.

Monthly Wasted-License Cost Report

Aggregates inactive-seat data across all tracked SaaS apps each month, computes total reclaimable spend, and delivers a ranked cost report to leadership in Notion and Slack.

Browse all IT Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows