# 30102: TLS certificate for your Domain has expired. Log Type: APPLICATION Log Level: ERROR ## Description This error occurs when the TLS certificate for your Twilio Link Shortening domain has expired. When the certificate expires, link shortening can fail, links can break, and Twilio can fall back to sending the original long links if `ContinueOnFailure` is enabled for the domain. ### Possible causes * You are using a bring-your-own certificate for the Link Shortening domain, and the certificate reached its expiration date before you uploaded a replacement. * You are managing certificates manually, and the replacement certificate or private key was not uploaded through the Console or the domain's Certificate subresource before the old certificate expired. * If you use a Twilio-managed certificate, your DNS uses CAA records that do not allow `letsencrypt.org`, which can prevent certificate requests and renewals. This is an inference based on Twilio's stated certificate renewal requirement. ### Possible solutions * Replace the expired certificate. In the Console, upload a new certificate and private key for the Link Shortening domain. If you use the API, send a `POST` request to the domain's Certificate subresource with `TlsCert` set to the concatenated certificate and private key. * If you want Twilio to handle certificate requests and renewals, switch to a Twilio-managed certificate by using Certificate Manager or the Link Shortening `RequestManagedCert` subresource. This is the preferred setup. * If you continue to use your own certificate, make sure the certificate and private key are in PEM format, include the full certificate chain, and use the required `-----BEGIN CERTIFICATE-----` and `-----BEGIN PRIVATE KEY-----` boundaries. * After you upload a new certificate, allow up to five minutes for validation, then check the certificate status with a `GET` request to the domain's Certificate subresource. * To reduce the chance of future outages, create an Alarm for 30131 so you receive a warning before the certificate expires. * If you need messages to continue sending when Link Shortening fails, review the domain setting for `ContinueOnFailure`. When enabled, Twilio sends the original long links, which can increase message segments and costs. #### Additional resources * [Link Shortening](/docs/messaging/features/link-shortening) * [Link Shortening Onboarding Guide](/docs/messaging/features/link-shortening/onboarding-guide) * [Alarms](/docs/usage/troubleshooting/alarms)