SSL certificate expiration

On this page

On August 13, 2020, we changed how SSL alerting is configured. Your old settings will be supported for 3 months until November 13, 2020. This page reflects the current usage.

An expired SSL certificate can cause havoc to sites and APIs. Checkly performs a daily check on your certificate and can alert you up to 30 days before your certificate expires. All alert channels (e-mail, SMS, OpsGenie, Webhook etc.) can be used for this alert.

Simply create or pick an existing alert channel that your check subscribes to and enable SSL certificate expiration and set the day threshold to your preference. If you don’t have your alert channels set up yet, see Alert Channels.

Example alert channel form

Tips

  • You can create specific alert channels for certificate expirations and subscribe all checks/groups to that channel.

  • You can create multiple alert channels with different thresholds if you want to be alerted at multiple thresholds.

API checks

The domain for the certificate is parsed from the URL in the HTTP request settings so it does not require any setup.

Error: unable to verify the first certificate. If prompted with this error, the usual cause is the certificate chain of the given website being incomplete. This will not happen with a browser check, because the browser will complete the certificate chain on its own. When running an API check, though, no browser is involved - therefore the error takes place. You can use an online SSL checker (e.g.: SSLHopper) to help you diagnose issues with your certificate.

Browser checks

Since browser checks can connect to multiple domains, you need to set the SSL certificate domain to receive certificate alerts for them.

SSL checks for browser checks


You can contribute to this documentation by editing this page on Github