Skip to content
AlertPing

features · certificates

SSL certificate monitoring that never lets a renewal surprise you

SSL certificate monitoring watches your certificates and warns you before they expire or break. AlertPing checks every HTTPS endpoint's certificate daily and on every 30-second check, alerting at 30, 14, 7 and 1 day before expiry.

expiry · chain · host · protocol

30

days out

email ▸ plenty of time

14

days out

email + slack ▸ nudge

7

days out

email + slack ▸ daily

1

day out

sms + every channel

acme.dev · cert valid · 23 days remaining · chain ok · tls 1.3

beyond the expiry date

Certificates fail in more ways than expiring

An expired cert is the failure everyone knows. The quieter ones lock out a fraction of your users and never show up in your own browser, because your machine has the missing pieces cached. Every HTTPS check we run validates the certificate the way a stranger's device would.

Certificate checks ride along free on every HTTPS monitor in our website monitoring tool and every API monitoring tool check.

  1. 1

    Broken chain validation

    A missing intermediate certificate passes on your laptop and fails on Android phones and older clients. We validate the full chain from a cold store, so an incomplete bundle is caught the first check after you deploy it.

  2. 2

    Wrong-host mismatch

    The cert is valid, just not for this name. Classic after a load balancer change or a wildcard that does not cover a new subdomain. We compare the certificate names against the exact host being checked.

  3. 3

    Weak protocol detection

    A config rollback quietly re-enables TLS 1.0 and your security posture regresses without a single error. We flag handshakes below TLS 1.2 so the fix ships before an auditor, or an attacker, notices.

the failure mode

An expired cert is a full outage with a scarier error page

When a certificate lapses, browsers do not degrade gracefully. Every visitor gets a full-screen security warning, and most leave. Renewal automation helps until the day the automation itself fails silently, which is exactly the class of problem external checks exist for. The warning ladder gives you four chances to fix it while it is still a calendar item, not an incident.

Certificate monitoring is included in every plan alongside HTTP, ping, port and cron checks. Full plan limits are on the uptime monitoring pricing page.

alertping ▸ cert watch · acme.dev

issuer   Let's Encrypt R11

expires  2026-07-28 · 23 days

chain    complete · 3 certs

host     match · acme.dev, www

protocol TLS 1.3

next warning at 14 days

certificate questions

Before you rely on it

When exactly do expiry warnings fire?

At 30, 14, 7 and 1 day before the certificate expires. Early warnings go by email; as the deadline approaches, Slack and SMS join in, so the 1-day warning is impossible to miss.

I use auto-renewal. Do I still need this?

Yes, precisely because auto-renewal fails silently: an expired API token, a changed DNS record, a full disk. External monitoring is the check on the automation itself, and it costs you nothing extra on any plan.

Does it check more than the expiry date?

Yes. Every check validates the full certificate chain, confirms the certificate matches the host being checked, and flags handshakes using protocols older than TLS 1.2.

Never ship an expired certificate again

Expiry warnings at 30, 14, 7 and 1 day, plus chain, host and protocol validation on every HTTPS check.

See pricing