SSL Certificate Monitoring
The one outage you can predict to the day — and still nobody does.
The Outage You Can See Coming
Think about how strange this is for a second. Almost every server problem ambushes you: a disk fills up on no schedule, a process runs away at random, a cable somewhere gets unplugged. But a TLS certificate is different — it is a little clock-bomb with the explosion date printed right on its face. Every cert carries a “not after” field: the exact second it stops being valid. This is the one outage you could mark on a calendar months in advance.
And yet it’s the one that catches everyone. A cert quietly expires at 3 a.m.
on a Saturday. Nothing pages you, because the server itself is perfectly healthy —
systemctl says everything is running.
Then Monday morning every visitor hits a full-screen scary red browser warning, decides
your site got hacked, and bounces. SSL certificate monitoring is the thing that turns
that ambush back into what it always should have been: a calendar reminder, weeks ahead,
with time to spare.
What CleverUptime Actually Watches
We connect to each of your HTTPS endpoints
the way a real browser does — a proper TLS handshake on port
443 — and read the
certificate the server actually hands back. Three things matter, and we check all three:
- Expiry — the headline event. How many days are left on the “not after” clock, so you hear about it while it’s still a chore and not yet an outage.
- Chain validity — a certificate is only trusted because it links back, link by link, to a root authority your visitors’ browsers already trust. Miss an intermediate in that chain and the cert is technically present but untrusted — the page breaks anyway.
- The right cert, served right — that the hostname actually matches, and that the endpoint is serving the certificate you think it is, not a stale one left behind by a half-finished renewal.
“But I have auto-renewal”
So does almost everyone who’s ever been burned by this. Auto-renewal is a cron job, and cron jobs fail silently — a rate limit, a moved file, a DNS check that didn’t pass, a service that didn’t reload after the new cert landed. The renewal that “can’t fail” is exactly the one that expires on a Saturday. Monitoring the cert is how you find out your automation quietly stopped.
It Finds Your Certs By Itself
Here’s the part that saves the afternoon. You don’t sit down and type out a list of URLs to watch. When your server checks in, CleverUptime looks at what it’s actually serving — the web server, the domains it answers for, the HTTPS endpoints behind them — and starts watching those certificates with sensible settings, on its own. No forms, no wizard, no “add your first certificate” empty state staring back at you.
The way you set it all in motion is one short, readable bash script on the box — standard commands you can audit in a couple of minutes, not a black-box agent you have to trust on faith. Run it, watch your dashboard for a minute, and the cert monitors simply appear, already pointed at the right endpoints. The setup that makes people abandon a monitoring tool on day one is the part we took off your plate.
It Tells You Which Cert, And What To Do
This is the whole reason CleverUptime exists, and it’s where most tools stop one step short. A red light that says “certificate error” has handed you the easy 10% and kept the hard 90%. Which endpoint? Expired, or just untrusted? Is the cert fine but the chain broken? Did the renewal run but the service never reload the file? Same red light, four completely different fixes.
So we don’t just raise the flag. We tell you, in plain language, the likely cause and the next step — this endpoint, this cert, expiring in this many days, and here’s how to renew and reload it cleanly. Every alert links straight to a knowledge base article that teaches the underlying fix, so the second time it happens you already know the move. You should walk away from a cert alert knowing more about TLS, not less sure of yourself.
The good kind of boring
Done right, a cert is the least dramatic thing on your server: a number that ticks down, a reminder that lands with weeks to spare, a five-minute renewal, back to ignoring it. The drama only shows up when nobody was watching the clock. We watch the clock.
How many days are left on your certificate right now — do you actually know?
CleverUptime finds your HTTPS endpoints, watches every certificate’s expiry, chain, and hostname, and warns you weeks ahead so a cert never expires on your watch.