SSL Certificate Monitoring: Automated HTTPS Expiration Checking
Build an automated SSL monitoring system to prevent certificate-related outages. Includes alerting strategies, certificate chain validation, and code examples in Python and Node.js.
Why Automated SSL Monitoring Matters
SSL certificate expiration is one of the most common causes of unplanned outages. Unlike server failures that can be mitigated with redundancy, an expired certificate affects every user trying to access your site, with no workaround.
The Cost of Certificate Outages
Setting Up SSL Certificate Monitoring
List All Domains and Subdomains
Start by creating a comprehensive list of all domains and subdomains that require SSL monitoring. Include www, non-www, API, and any other subdomains with SSL certificates.
Schedule Daily Certificate Checks
Set up a daily cron job or scheduled task that queries the SSL API for each domain. Store the results to track certificate lifecycle over time.
Configure Alert Thresholds
Set up tiered alerts based on days until expiration. Different thresholds should trigger different levels of urgency and different response teams.
Integrate Alert Channels
Route alerts to the appropriate channels: Slack for informational, email for warnings, and PagerDuty or SMS for critical alerts requiring immediate action.
Test and Deploy to Production
Test with a domain nearing expiration to verify alerts fire correctly. Then deploy the monitoring system to production with proper error handling and retry logic.
Python Monitoring Script
import requests
apiUrl = "https://api.ops.tools/v1/ssl/check"
headers = {"Authorization": "Bearer YOUR_API_KEY"}
domains = ["example.com", "api.example.com", "www.example.com"]
for domain in domains:
response = requests.get(apiUrl, headers=headers, params={"domain": domain})
data = response.json()
days = data["daysUntilExpiration"]
if days <= 1:
print(f"CRITICAL: {domain} expires in {days} days!")
elif days <= 7:
print(f"WARNING: {domain} expires in {days} days")
elif days <= 30:
print(f"NOTICE: {domain} expires in {days} days")
else:
print(f"OK: {domain} - {days} days remaining")Node.js Monitoring Script
const domains = ["example.com", "api.example.com"];
const headers = { "Authorization": "Bearer YOUR_API_KEY" };
for (const domain of domains) {
const res = await fetch(
`https://api.ops.tools/v1/ssl/check?domain=${domain}`,
{ headers }
);
const data = await res.json();
const days = data.daysUntilExpiration;
if (days <= 7) console.log(`ALERT: ${domain} expires in ${days}d`);
else console.log(`OK: ${domain} - ${days}d remaining`);
}Alert Configuration Thresholds
| Threshold | Action | Channel | Severity |
|---|---|---|---|
| 30 days | Begin renewal process | Low | |
| 14 days | Escalate to IT team | Slack + Email | Medium |
| 7 days | Emergency renewal | PagerDuty + Slack | High |
| 1 day / expired | Immediate action | SMS + PagerDuty | Critical |
Best Practices
- Monitor certificate chains, not just leaf certificates
- Track intermediate certificate expiration separately
- Include all subdomains, not just the root domain
- Test alerts before they are needed (use a short-lived cert to verify)
- Document the renewal process and assign ownership
- Consider auto-renewal where supported (Let's Encrypt, etc.)
For checking individual certificates, use the interactive SSL Checker tool or read our complete SSL certificate guide.
Frequently Asked Questions
Q: How do I set up SSL certificate monitoring?
Set up SSL certificate monitoring using the Ops.Tools SSL API. Query your domains daily, check daysUntilExpiration against thresholds (30, 14, 7, 1 days), and send alerts via email or Slack when certificates approach expiration.
Q: How often should SSL certificates be monitored?
Monitor SSL certificates daily for production environments. Set alerts at 30 days (planning), 14 days (escalation), 7 days (emergency), and 1 day (critical) before expiration.
Q: What happens when an SSL certificate expires?
When an SSL certificate expires, browsers display security warnings blocking access to your site. Enterprise companies report average costs of $100K+ per certificate-related outage. Search engines may also flag the domain.
Q: Can I monitor multiple SSL certificates with one API?
Yes. The Ops.Tools SSL API supports monitoring multiple domains. Send individual requests per domain, or use batch processing with proper rate limiting to check hundreds of certificates efficiently. Professional plans start at $29/month.
Related Articles
SSL Certificate Checker: Complete Guide to SSL Verification
Learn how to check SSL certificate validity, understand SSL errors, and monitor certificate expiration. Includes automation examples with the Ops.Tools API.
Read ArticleDNS Lookup API: How to Check DNS Records Programmatically
Complete developer guide to querying DNS records via API. Includes working code examples in Python, Node.js, Go, and PHP with caching best practices.
Read ArticleDNS Records Explained: A Complete Guide to All DNS Record Types
Master every DNS record type: A, AAAA, MX, CNAME, TXT, NS, SOA, PTR and more. Understand how DNS resolution works with practical examples.
Read ArticleStart Monitoring Your SSL Certificates
Automated HTTPS monitoring with real-time alerts. Professional plans starting at $29/month.