Keep Your Certificates Current Using Your Test Suite

Photo © Julian Bleecker. Licensed under Creative Commons. https://flic.kr/p/69d945

We did something stupid on Dead Man’s Snitch yesterday. We let our iOS Push Notification certificates expire, so our users weren’t getting notifications for a number of hours. It wasn’t until we started talking about the errors we were seeing that we realized the certificate had expired at midnight.

So how do we prevent this?

After we renewed the certificates, we wrote an RSpec test to let our test suite flag us if we forget to renew.

require "spec_helper"

describe "Apple iOS APN Certificates" do
  # This test will fail when the certificate needs renewal.
  # …list steps to renew here.

  %w(staging production).each do |environment|
    describe environment do
      it "is valid for at least 1 more week" do
        file = Rails.root.join("certificates/apn-#{environment}.pem")
        certificate = OpenSSL::X509::Certificate.new(File.read(file))
        expect(certificate.not_after.to_time).to be > 1.week.from_now
      end
    end
  end
end

We have two certificates in our app, one each for staging and production environments. We have a test for each that uses OpenSSL to look at the certificate and warn us when we’re less than a week from expiration.
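The same check in plain Ruby, added here as an example and not part of the original post: it examines every certificate in a PEM file rather than the single one that `OpenSSL::X509::Certificate.new` parses, and also flags certificates that are not yet valid. The helper names, the `WEEK` constant and the self-signed sample bundle are constructed for illustration.

```ruby
require "openssl"

WEEK = 7 * 24 * 60 * 60 # seconds; plain-Ruby stand-in for Rails' 1.week
CERT_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Returns one hash per certificate in the PEM text that is not yet valid,
# already expired, or expires within `within` seconds of `now`,
# ordered by expiry date (soonest first).
def certificates_needing_renewal(pem_text, within: WEEK, now: Time.now)
  certs = pem_text.scan(CERT_BLOCK).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  # An empty result must not pass silently: a wrong path or a key-only file is a failure.
  raise ArgumentError, "no certificate found in PEM text" if certs.empty?

  certs.reject { |c| c.not_before <= now && c.not_after > now + within }
       .sort_by(&:not_after)
       .map { |c| { subject: c.subject.to_s, not_after: c.not_after } }
end

# Constructed sample data: a throwaway self-signed certificate.
def constructed_cert(common_name, not_after, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed bundle: a private key followed by two certificates in one file.
def constructed_bundle(now = Time.now)
  key = OpenSSL::PKey::RSA.new(2048)
  fresh = constructed_cert("constructed-fresh", now + 90 * 24 * 3600, key)
  stale = constructed_cert("constructed-expiring", now + 3 * 24 * 3600, key)
  key.to_pem + fresh.to_pem + stale.to_pem
end

if __FILE__ == $PROGRAM_NAME
  certificates_needing_renewal(constructed_bundle).each do |c|
    puts "#{c[:subject]} expires #{c[:not_after]}"
  end
end
```

Inside the spec above, the assertion would become `expect(certificates_needing_renewal(File.read(file))).to be_empty`, so the failure message names the certificate that needs renewing.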

If we make our tests descriptive, and include steps to fix the problem (removed for brevity), we make it very easy for anyone on our team to fix the problem before it happens.

We’re always looking for ways to make our tests alert us to problems. Have you used similar sanity checks? Let us know in the comments!


Daniel founded Collective Idea in 2005 to put a name to his growing and already full-time freelance work. He works hard writing code, teaching, and mentoring.
