Monitors

SSL certificate monitor

Expiry warnings, chain validation, SAN mismatch, weak ciphers.

SSL

What it checks

Opens a TLS handshake, walks the certificate chain, and alerts on expiry, chain breakage, SAN mismatch, or known-weak cipher suites. You pick how many days before expiry to start pinging.

When to use it

Any production TLS endpoint (a renewed Let's Encrypt cert that fails to deploy is a common outage shape).
Certificates from CAs that don't send renewal emails reliably.
Internal services with long-lived certs you otherwise forget about.

Config fields

FieldTypeDescription

host*stringHostname (SNI) to check.

portnumberTLS port (default 443).

expiry_warning_daysnumberStart alerting this many days before expiry (default 14).

require_chain_validbooleanFail if the certificate chain is invalid (default true).

Fields marked * are required.

Example config

json

{
  "name": "monitor.teravor.com cert",
  "type": "ssl",
  "config": {
    "host": "monitor.teravor.com",
    "port": 443,
    "expiry_warning_days": 14
  },
  "interval_sec": 3600
}

← All monitor types Start free

← DNS

Heartbeats →

Was this page helpful?Last updated May 2026