
30131: Domain's certificate will expire soon


WARNING: 30131

MESSAGING
WARNING

This warning appears when the TLS certificate on your Link Shortening domain is approaching expiration. Renew or replace the certificate before it expires. If the certificate expires, Link Shortening can fail, shortened links can stop working, and messages may be sent with the original long links if ContinueOnFailure is enabled.

Possible causes

  • You use a customer-managed certificate and have not uploaded a replacement certificate for the domain.
  • The certificate currently associated with the domain is close to its expiration date.
  • You use a Twilio-managed certificate, but your DNS CAA records do not allow letsencrypt.org to request or renew the certificate.
  • Your certificate rotation process did not renew the certificate before the current one neared expiration.

Possible solutions

  • Use a Twilio-managed certificate when possible. This is the preferred certificate management option for Link Shortening.
  • If you bring your own certificate, generate a new certificate and private key for the exact domain or subdomain you use with Link Shortening, then upload the replacement certificate before the current one expires.
  • Make sure the certificate and private key are in PEM format. The certificate must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. The private key must begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----, or use PKCS #8 format.
  • Upload the full certificate chain as a single file. Include the server certificate, all intermediate CA certificates, and the root CA certificate.
  • If you use the API, send a POST request to the domain's Certificate subresource and provide the concatenated certificate and private key in TlsCert.
  • After uploading a replacement certificate, check validation status with a GET request to the Certificate subresource until cert_in_validation is null.
  • If you use CAA records with a Twilio-managed certificate, add letsencrypt.org to your CAA configuration so certificate requests and renewals can succeed.
  • Review your Link Shortening domain configuration for ContinueOnFailure. If this setting is enabled, Twilio can continue sending messages with long links during a certificate problem, which can increase message segments and costs.
  • Set up an Alarm for 30131 so you receive notice before the certificate expires.
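
The PEM and full-chain requirements above can be checked locally before anything is uploaded. The following is an added example, not Twilio code: `lint_bundle`, `fake_pem`, the minimum chain length of two certificates, and the certificates-then-key order of the returned `TlsCert` value are assumptions, and the sample blocks are constructed placeholders rather than real key material.

```python
import base64
import re

# One PEM block: BEGIN label, body, END with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def lint_bundle(pem_text, min_certs=2):
    """Return (problems, tls_cert); tls_cert is None when problems exist."""
    problems, certs, keys = [], [], []
    for m in PEM_BLOCK.finditer(pem_text):
        label, body = m.group(1), "".join(m.group(2).split())
        try:
            if not base64.b64decode(body, validate=True):
                raise ValueError("empty body")
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label} block is empty or not valid base64")
            continue
        block = f"-----BEGIN {label}-----\n{m.group(2).strip()}\n-----END {label}-----\n"
        if label == "CERTIFICATE":
            certs.append(block)
        elif label == "PRIVATE KEY":
            keys.append(block)
        else:  # e.g. RSA PRIVATE KEY (PKCS #1) or ENCRYPTED PRIVATE KEY
            problems.append(f"unexpected block type: {label}")
    if "-----" in PEM_BLOCK.sub("", pem_text):
        problems.append("unterminated or malformed PEM block")
    if len(certs) < min_certs:  # assumed minimum: server cert + root
        problems.append(f"found {len(certs)} certificate(s); full chain expected")
    if len(keys) != 1:
        problems.append(f"found {len(keys)} PKCS #8 key(s); exactly 1 expected")
    if problems:
        return problems, None
    # Assumed order for TlsCert: certificates as given, then the key.
    return [], "".join(certs) + keys[0]

def fake_pem(label, seed):
    """Constructed placeholder block: valid base64, not real key material."""
    body = base64.b64encode(seed * 40).decode()
    lines = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"

GOOD = (fake_pem("CERTIFICATE", b"leaf") + fake_pem("CERTIFICATE", b"root")
        + fake_pem("PRIVATE KEY", b"key"))
BAD = fake_pem("CERTIFICATE", b"leaf") + fake_pem("RSA PRIVATE KEY", b"key")

if __name__ == "__main__":
    for name, bundle in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_bundle(bundle)[0] or "ok for upload")
```

This checks structure only: it does not parse the certificates, so expiration dates, the domain name, and whether the key matches the server certificate still need to be verified separately.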
