table of contents Table of contents

SSL certificate expiration

An expired SSL certificate can cause havoc to sites and APIs. Checkly performs an hourly check on your certificate and can alert you up to 30 days before your certificate expires. All alert channels (e-mail, SMS, OpsGenie, Webhook etc.) can be used for this alert.

Simply create or pick an existing alert channel that your check subscribes to and enable SSL certificate expiration and set the day threshold to your preference. If you don’t have your alert channels set up yet, see Alert Channels.

Example alert channel form

Some tips on using SSL alerts

  • You can create specific alert channels for certificate expirations and subscribe all checks/groups to that channel.
  • You can create multiple alert channels with different thresholds if you want to be alerted at multiple thresholds.

API checks

The domain for the certificate is parsed from the URL in the HTTP request settings so it does not require any setup.

When using environment variables in the URL, make sure that the domain is fully specified. SSL monitoring cannot parse the domain from a URL like {{BASE_URL}}/test-endpoint, but using environment variables in other parts of the URL like{{TEST_PATH}} works.

Getting Error: unable to verify the first certificate

If prompted with this error, the usual cause is the certificate chain of the given website being incomplete. This will not happen with a browser check, because the browser will complete the certificate chain on its own. When running an API check, though, no browser is involved - therefore the error takes place. You can use an online SSL checker (e.g.: SSLHopper) to help you diagnose issues with your certificate.

Browser checks

Since browser checks can connect to multiple domains, you need to set the SSL certificate domain to receive certificate alerts for them.

SSL checks for browser checks

Last updated on June 26, 2024. You can contribute to this documentation by editing this page on Github