Definition
SSL (TLS) certificate monitoring watches the certificates that secure your HTTPS endpoints, checking that they're valid, trusted, and not about to expire. An expired or misconfigured certificate causes browsers to block the site with a security warning, which is effectively an outage.
Dedicated SSL monitoring often warns you days before expiry. At minimum, any HTTPS check will fail once a certificate has actually expired, because the secure connection can no longer be established.
Why It Matters
Certificate expiry is one of the most common — and most avoidable — causes of downtime. When a cert expires, every visitor sees a scary security warning and the site is unusable, even though the server is running fine. Monitoring prevents the embarrassing, self-inflicted outage of a forgotten renewal.
How It Works
An HTTPS monitor establishes a TLS connection as part of each check; if the certificate is expired, untrusted, or for the wrong domain, the connection fails and the check is marked down. Dedicated SSL monitors additionally inspect the certificate's expiry date and alert you in advance — for example, 14 days before it lapses.
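Both behaviours described above, as an added example that is not Monitoristic's code: a verified TLS handshake that reports "down" on an expired, untrusted, or wrong-domain certificate, plus an early-warning check on the expiry date. It uses Python's standard `ssl` module; the function names, the 14-day default, and the sample date are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 14  # early-warning window, matching the 14-day example in the text


def days_left(not_after, now):
    """Whole days until the certificate's notAfter (negative once expired)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def classify(cert, now, warn_days=WARN_DAYS):
    """Map a getpeercert()-style dict to (status, days_left)."""
    remaining = days_left(cert["notAfter"], now)
    if remaining < 0:
        return "expired", remaining
    if remaining <= warn_days:
        return "expiring", remaining
    return "ok", remaining


def check_host(host, port=443, timeout=10.0):
    """Handshake with chain and hostname verification, then classify expiry."""
    ctx = ssl.create_default_context()  # verifies trust chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted, and wrong-domain certificates all fail here.
        return "down", exc.verify_message
    except (OSError, ssl.SSLError) as exc:
        return "down", str(exc)
    return classify(cert, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed sample: a certificate that lapses on the 30th, checked on the 20th.
    sample = {"notAfter": "Jun 30 00:00:00 2025 GMT"}
    print(classify(sample, datetime(2025, 6, 20, tzinfo=timezone.utc)))
```

Run `check_host` on a schedule for each hostname you serve, one call per name, so a certificate that omits a needed subdomain surfaces as "down" for that name.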
Real-World Example
A site's certificate is set to expire on the 30th. Nobody remembers to renew it. At midnight the cert expires, the HTTPS connection can no longer be established, and every visitor hits a security warning — a full outage caused entirely by a missed renewal.
Best Practices
- Automate certificate renewal (e.g., with Let's Encrypt) wherever possible
- Monitor HTTPS endpoints so an expired cert surfaces as a failed check
- Set calendar reminders ahead of any manual renewals
- Verify the certificate covers all the domains and subdomains you serve
- Treat a certificate warning as an urgent, customer-facing outage
Common Mistakes
- Forgetting to renew a manually managed certificate
- Assuming auto-renewal worked without verifying it
- Issuing a cert that doesn't cover a needed subdomain
- Ignoring certificate warnings until customers report them
- Not monitoring HTTPS endpoints at all, so expiry goes unnoticed
In Monitoristic
Monitoristic monitors HTTPS endpoints, so an expired or invalid certificate makes the secure connection fail and triggers a down alert. A separate 'days-until-expiry' early-warning isn't a standalone feature today — automate renewals and renew well ahead of expiry.