Skip to main content

SSL Certificate Monitoring

FlareWarden automatically monitors SSL certificates for all HTTPS uptime monitors. Get alerts before certificates expire and when certificates change unexpectedly.

Automatic SSL Monitoring

You don't need to set up SSL monitoring separately. When you create an uptime monitor for an HTTPS URL, FlareWarden automatically tracks the SSL certificate.

What We Monitor

Comprehensive tracking of SSL certificate health and status

Certificate Expiration

Track when certificates expire and get alerts well before expiry to prevent browser security warnings.

Certificate Changes

Detect when certificates are renewed or replaced. Useful for catching unexpected changes.

Issuer Changes

Alert when the certificate authority changes. This could indicate a certificate swap.

Subject Information

Track changes to certificate subject (the domain name and organization info).

Expiry Warning Thresholds

Configure alerts at multiple intervals before certificate expiration

You'll receive alerts at multiple intervals before a certificate expires. Configure these thresholds in your preferences:

30

days

Warning

Early heads-up to plan renewal. Default: 30 days.

14

days

Urgent

Time to take action if auto-renewal hasn't kicked in. Default: 14 days.

7

days

Critical

Immediate action required. Default: 7 days.

Customize these thresholds in Settings → Preferences

SSL Notification Types

Configure which SSL events trigger notifications for each team member

Configure which SSL events trigger notifications for each team member:

EventDescription
SSL ExpiringCertificate approaching expiration (at your configured thresholds)
SSL ExpiredCertificate has expired (immediate alert)
Certificate ChangedCertificate was renewed or replaced
Issuer ChangedCertificate authority changed (e.g., Let's Encrypt → DigiCert)

Certificate Transparency Discovery

Automatically discover subdomains through CT log monitoring

FlareWarden monitors Certificate Transparency (CT) logs to discover certificates issued for your domains. This helps you:

  • Discover subdomains you may not be monitoring yet
  • Detect unauthorized certificates issued for your domain
  • Track certificate renewals across all your subdomains

CT Discovery runs periodically in the background and adds newly discovered subdomains to your SSL tracking automatically.

Webhook Events

SSL events trigger webhooks for integration with your tools

SSL events can also trigger webhooks for integration with your tools:

ssl.expiring - Certificate expiring soon

ssl.expired - Certificate has expired

ssl.changed - Certificate changed

Learn more about webhooks →

Best Practices

  • Use auto-renewal: Let's Encrypt and most providers offer automatic renewal
  • Set generous thresholds: 30 days gives you time to troubleshoot auto-renewal issues
  • Monitor subdomains: Each subdomain needs its own certificate (unless using wildcards)
  • Track certificate changes: Unexpected changes could indicate security issues