Renewal-aware certificate monitoring

Catch certificate problems before they break production.

Monitor domains, custom TLS ports, or HTTPS URLs. We check certificate health and notify you before renewals become incidents.

5
free monitors
Enough to cover key domains before upgrading.
5 sec
queue wakeup
The worker wakes quickly, then rate-limits TLS checks.
1x
shared target check
The same host:port is checked once for all subscribers.

Live certificate queue

Shared checks keep duplicate domains cheap and predictable.

3
api.yourdomain.com
Monitor: api.yourdomain.com:443
Coverage: *.yourdomain.com
Healthy
No action needed
The certificate is outside the renewal risk window.
67 days left
Renew window: 31d
Valid:
Checked at:
billing.yourdomain.com
Monitor: billing.yourdomain.com:443
Coverage: *.yourdomain.com
Needs attention
Renewal window reached
The certificate is inside its recommended renewal window.
18 days left
Renew window: 32d
Valid:
Checked at:
vpn.yourdomain.com
Monitor: vpn.yourdomain.com:8443
Coverage: gateway.vendor.netNot covered
Check failed
Check failed
The connection timed out, failed, or did not return a TLS certificate.
Waiting for certificate dates
Waiting for certificate dates
Checked at:

Built for the boring failure that still takes sites down.

Certificate monitoring should be quiet until it matters. Cert Monitor keeps the workflow small: add targets, verify notification emails, and let the worker keep checking.

Monitor the target users actually hit

Paste domains, HTTPS URLs, or custom TLS ports. Inputs normalize to host:port so duplicate checks are shared.

Alert from certificate lifetime

Renewal risk is based on the certificate's own lifetime, not only a hard-coded number of days.

Send alerts only to verified inboxes

Notification emails must be verified before they can receive production certificate alerts.

Privacy, acceptable use, and contact details are available before you create an account.

Public legal and support

PrivacyTermsCookiesContact support: support [at] certmonitor.xyz