features · certificates
SSL certificate monitoring that never lets a renewal surprise you
SSL certificate monitoring watches your certificates and warns you before they expire or break. AlertPing checks every HTTPS endpoint's certificate daily and on every 30-second check, alerting at 30, 14, 7 and 1 day before expiry.
expiry · chain · host · protocol
30
days out
email ▸ plenty of time
14
days out
email + slack ▸ nudge
7
days out
email + slack ▸ daily
1
day out
sms + every channel
acme.dev · cert valid · 23 days remaining · chain ok · tls 1.3
beyond the expiry date
Certificates fail in more ways than expiring
An expired cert is the failure everyone knows. The quieter ones lock out a fraction of your users and never show up in your own browser, because your machine has the missing pieces cached. Every HTTPS check we run validates the certificate the way a stranger's device would.
Certificate checks ride along free on every HTTPS monitor in our website monitoring tool and every API monitoring tool check.
-
1
Broken chain validation
A missing intermediate certificate passes on your laptop and fails on Android phones and older clients. We validate the full chain from a cold store, so an incomplete bundle is caught the first check after you deploy it.
-
2
Wrong-host mismatch
The cert is valid, just not for this name. Classic after a load balancer change or a wildcard that does not cover a new subdomain. We compare the certificate names against the exact host being checked.
-
3
Weak protocol detection
A config rollback quietly re-enables TLS 1.0 and your security posture regresses without a single error. We flag handshakes below TLS 1.2 so the fix ships before an auditor, or an attacker, notices.
the failure mode
An expired cert is a full outage with a scarier error page
When a certificate lapses, browsers do not degrade gracefully. Every visitor gets a full-screen security warning, and most leave. Renewal automation helps until the day the automation itself fails silently, which is exactly the class of problem external checks exist for. The warning ladder gives you four chances to fix it while it is still a calendar item, not an incident.
Certificate monitoring is included in every plan alongside HTTP, ping, port and cron checks. Full plan limits are on the uptime monitoring pricing page.
alertping ▸ cert watch · acme.dev
issuer Let's Encrypt R11
expires 2026-07-28 · 23 days
chain complete · 3 certs
host match · acme.dev, www
protocol TLS 1.3
next warning at 14 days▌
certificate questions
Before you rely on it
When exactly do expiry warnings fire?
At 30, 14, 7 and 1 day before the certificate expires. Early warnings go by email; as the deadline approaches, Slack and SMS join in, so the 1-day warning is impossible to miss.
I use auto-renewal. Do I still need this?
Yes, precisely because auto-renewal fails silently: an expired API token, a changed DNS record, a full disk. External monitoring is the check on the automation itself, and it costs you nothing extra on any plan.
Does it check more than the expiry date?
Yes. Every check validates the full certificate chain, confirms the certificate matches the host being checked, and flags handshakes using protocols older than TLS 1.2.
Never ship an expired certificate again
Expiry warnings at 30, 14, 7 and 1 day, plus chain, host and protocol validation on every HTTPS check.