MoonitorMoonitor
Part of every Moonitor plan

SSL certificate monitoring, before the browser warning

An expired certificate takes your site down as surely as a crashed server — except it also greets every visitor with a security warning. Renewals are easy to automate and easier to forget, and a mis-issued or silently broken chain can pass unnoticed until customers start calling.

Moonitor inspects the TLS certificate on every HTTP check and runs dedicated SSL monitors that alert you a configurable number of days before expiry — so renewal happens on your schedule, not the certificate's.

7-day free trial — no credit card.

How it works

  1. Add your domain

    Point an SSL monitor at any HTTPS endpoint. Moonitor retrieves and validates the certificate chain on every check.

  2. Choose your warning threshold

    Get warned 1 to 365 days before expiry — 30 days for a manually renewed wildcard, 2 days for automated Let's Encrypt renewals you just want verified.

  3. We check around the clock

    Certificate validity, chain integrity and expiry are re-verified continuously, not once a day, so a mid-day re-issue mistake is caught in minutes.

  4. Get alerted before users notice

    Threshold crossed or validation broken, an incident opens and alerts go to email, Slack, Discord, Telegram or webhooks.

What you get

Your threshold, your warning

Each monitor sets its own expiry threshold from 1 to 365 days, matched to how that certificate is renewed.

Validation on every HTTP check

Ordinary website monitors verify SSL by default too — a broken certificate is surfaced even where you didn't set up a dedicated SSL monitor.

Domain expiry as well

Pair with domain expiration monitoring over RDAP so neither the certificate nor the domain registration sneaks up on you.

Expiring-soon dashboard

Certificates within 30 days of expiry surface on the dashboard, so renewals never depend on someone remembering.

Verified from a second country

Before an SSL failure pages you, it's reproduced from another vantage point — a resolver hiccup on one network won't wake you.

Status page ready

SSL monitors feed the same public status pages and incident history as every other check.

Frequently asked questions

How does SSL certificate monitoring work?
Moonitor connects to your HTTPS endpoint on every check, validates the certificate chain, and tracks the expiry date. If validation fails or expiry comes within your chosen threshold, you're alerted immediately.
How early can I be warned before a certificate expires?
Anywhere from 1 to 365 days before expiry, configured per monitor — so automated and manually renewed certificates can have different thresholds.
Will I be told if the certificate is invalid rather than expired?
Yes. Chain and validity problems — wrong host, broken intermediate, mis-issue — fail the check and open an incident just like an expiry would.
Can I monitor domain registration expiry too?
Yes. Moonitor's domain monitors track registration expiry over RDAP, so you're warned before a forgotten renewal takes the whole domain offline.

Every failure verified before you’re alerted

Moonitor re-runs every failing check from a second country before opening an incident — so a network wobble near one checker never becomes a false alarm on your phone. Explore the full feature set, read the docs, or automate it all with the API.

Get started