Certificate timeline & events
Every certificate in CertAutoPilot carries a timeline of every
lifecycle event — request, approval, issuance, renewal,
distribution, revocation, download. Events are event-sourced
(not log-parsed) and stored in the cert_events
collection with cursor-based pagination; the timeline surface
in the UI is just a read over this collection.
01 Event types
| Type | When emitted | Payload highlights |
|---|---|---|
| cert.requested | Issuance form submitted | actor, issuer, subject |
| cert.approved | Approval request accepted (if policy gates issuance) | approver, approval_id |
| cert.issued | CA returned the certificate | fingerprint, not_before, not_after, chain_depth |
| cert.renewed | Renewal (or reissue) succeeded | trigger (scheduler/manual/reissue), new fingerprint |
| cert.renewal_failed | Renewal attempt failed (every retry) | attempt, error_class, next_retry_at |
| cert.expiring_soon | Expiration check sweeps at 30/14/7/3/1 day thresholds | days_remaining, threshold |
| cert.expired | Past not_after | expired_for |
| cert.revoked | CA confirmed revocation | reason_code, reason, actor, note |
| cert.distributed | Distribution finished successfully | distribution_id, module, targets_succeeded |
| cert.distribution_failed | Distribution ended in failed / partial | distribution_id, error_class, targets_failed |
| cert.distribution_rolled_back | Rollback executed | distribution_id, rolled_back_by |
| cert.downloaded | Manual download through the UI or API | format, actor, ip |
| cert.policy_violation | Issuance blocked by the certificate policy | rule, offending_value |
| cert.ocsp_revoked | Discovery probe sees OCSP status revoked | responder, checked_at |
| cert.msca_pending | MSCA CA returned pending (manual approval needed) | request_id, connection_id |
| cert.msca_approved | MSCA pending request approved in Windows | request_id |
| cert.msca_pending_timeout | MSCA pending exceeded 7 days | request_id |
02 How events are emitted
A singleton CertEventEmitter injected into every
service calls Emit() synchronously from the domain
code. Emission is best-effort — a transient Mongo write failure
is logged but does not block the action. For critical audit
trails, use the separate HMAC-chained audit logs,
which are transactional.
03 Timeline on the UI
- Certificate detail page → Timeline tab.
- Filter by event type (checkboxes).
- Cursor-based pagination (the server returns 50 events per page with a
next_cursor pointer).
- Each entry expands to show the full payload + actor identity.
04 Query via API
GET /api/v1/projects/{projectId}/certificates/{id}/events
?type=cert.renewed,cert.revoked
&after=2026-01-01T00:00:00Z
&limit=100
&cursor=<opaque>
Returns the events plus a next_cursor when more pages are available. See API reference.
05 Retention
Events are retained indefinitely by default. If your compliance policy needs a retention cutoff, run a scheduled db.cert_events.deleteMany({"ts": {"$lt": ...}}) job; CertAutoPilot does not auto-trim.
06 Routing to notifications
Every event can trigger a notification rule. See notifications → event types for the full mapping and templating.
07 Troubleshooting
Expected event missing from the timeline
Emission is best-effort; a transient Mongo issue can drop an event. Cross-check with Jobs (every workflow writes a job record) or the Audit log (transactional and chained).
Events arrived out of order
Events are timestamped at emit. Clock skew between API/worker/scheduler pods can produce sub-second out-of-order display. Order by seq (monotonic per-cert counter) rather than timestamp for strict ordering.
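The cursor walk from "Query via API" and the seq ordering advice above, combined in one added example (not CertAutoPilot's own code). The "events" envelope key, the per-event field names seq, ts and type, and the sample pages are assumptions constructed for illustration; the HTTP call is replaced by a stand-in function so the block runs offline.

```python
from datetime import datetime

# Constructed sample pages keyed by cursor. The "events" key and the
# per-event "seq" / "ts" / "type" field names are assumptions.
SAMPLE_PAGES = {
    None: {"events": [
        {"seq": 1, "type": "cert.requested", "ts": "2026-01-05T10:00:00.120Z"},
        {"seq": 3, "type": "cert.distributed", "ts": "2026-01-05T10:00:02.410Z"},
    ], "next_cursor": "c1"},
    "c1": {"events": [
        {"seq": 2, "type": "cert.issued", "ts": "2026-01-05T10:00:02.650Z"},
        {"seq": 4, "type": "cert.downloaded", "ts": "2026-01-05T10:03:00.000Z"},
    ], "next_cursor": None},
}

def fetch_sample(cursor):
    """Stand-in for GET .../certificates/{id}/events?cursor=<cursor>."""
    return SAMPLE_PAGES[cursor]

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp such as 2026-01-05T10:00:00.120Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def collect_events(fetch_page, max_pages=1000):
    """Follow next_cursor until it is absent; refuse to loop on a repeated cursor."""
    events, cursor, seen = [], None, set()
    for _ in range(max_pages):
        page = fetch_page(cursor)
        events.extend(page.get("events", []))
        cursor = page.get("next_cursor")
        if not cursor:
            return events
        if cursor in seen:
            raise RuntimeError("cursor repeated; aborting pagination")
        seen.add(cursor)
    raise RuntimeError("page limit reached before the last page")

def strict_timeline(events):
    """Order by seq and list the seq values whose timestamp runs backwards."""
    ordered = sorted(events, key=lambda e: e["seq"])
    skewed = [cur["seq"] for prev, cur in zip(ordered, ordered[1:])
              if parse_ts(cur["ts"]) < parse_ts(prev["ts"])]
    return ordered, skewed

if __name__ == "__main__":
    timeline, skewed = strict_timeline(collect_events(fetch_sample))
    for event in timeline:
        print(event["seq"], event["ts"], event["type"])
    print("seq values with a timestamp earlier than their predecessor:", skewed)
```

In the sample, sorting by ts alone would show cert.distributed before cert.issued; sorting by seq restores the real sequence and reports seq 3 as the skewed entry.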