SSL Certificate Monitoring & Expiry Alerts
Prevent certificate-related outages with continuous monitoring and tiered expiry alerts
SSL certificate expiration is the leading cause of preventable HTTPS outages. Expired certificates cause browser warnings, break API integrations, and erode customer trust. EdgeDNS monitors your certificates continuously, tracking renewals, issuer changes, key rotations, and protocol downgrades -- with alerts at configurable thresholds before expiration.
The Challenge
Organizations manage hundreds of SSL certificates across production, staging, and internal services. Renewal processes span multiple teams and tools: ACME/Let's Encrypt automation, manual vendor certificates, and wildcard certs. When renewals fail silently or certificates are replaced with weaker configurations, teams find out from customer complaints or monitoring alerts after the damage is done.
The Solution
Subscribe domains to EdgeDNS certificate monitoring. The system checks certificate state at configurable intervals (from 30 minutes to daily), tracking issuer, expiry date, key type, protocol version, and chain validity. Change types detected include issuer changes, renewals, expiry warnings, protocol changes, key changes, and downgrades. Alert emails include specific change details and your monitoring data remains private to your organization.
Endpoints Used
Combine these EdgeDNS endpoints to build this solution.
/v1/subscriptionsTry in PlaygroundCreate Subscription: Subscribe a domain with cert monitoring enabled and expiry alert threshold
/v1/subscriptions/:id/alertsTry in PlaygroundSubscription Alerts: View cert_change, cert_expiry, and other alerts for this subscription
/v1/subscriptions/:id/check-resultsTry in PlaygroundCheck Results: View all check results including certificate check outcomes
/v1/domain/sslTry in PlaygroundSSL Certificates: On-demand certificate transparency log search for any domain
Results You Can Achieve
Prevent certificate-related outages
Get alerted 30, 14, and 7 days before expiration with configurable thresholds
Detect certificate downgrades
Catch issuer changes, key type downgrades, and protocol version regressions
Private certificate history
Your certificate monitoring data is exclusive to your organization -- not in a public CT log search
Code Example
Monitor certificates with expiry alerts
// Subscribe with cert monitoring (check every 4 hours, alert at 30 days)
const sub = await fetch('https://api.edgedns.dev/v1/subscriptions', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({
domain: 'api.example.com',
cert_enabled: true,
cert_interval_minutes: 240,
cert_port: 443,
cert_change_alert: true,
cert_expiry_alert_days: 30,
notification_emails: ['security@company.com']
})
}).then(r => r.json());
// Check for cert-related alerts
const alerts = await fetch(
`https://api.edgedns.dev/v1/subscriptions/${sub.data.id}/alerts`,
{ headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }
).then(r => r.json());
const certAlerts = alerts.data.filter(
a => ['cert_change', 'cert_expiry'].includes(a.alert_type)
);
console.log('Certificate alerts:', certAlerts);Learn More
Explore industry standards and best practices related to this use case.
Ready to build SSL Certificate Monitoring & Expiry Alerts?
Get started with 200 free API requests per month. No credit card required.