Consider this scenario: you finally have your website up with an SSL certificate. You may be using certbot and Let's Encrypt, or your organization may have invested in an extended validation certificate. There are half a dozen places (bare domain plus www, api, backoffice, marketing, and help/support subdomains) where your certificate is installed. Everything looks great.
Fast-forward: someone mentions something about images not working. Later that day, you see a few tweets about the site not working. Maybe the SSL certificate expired, or maybe something was configured incorrectly with a recent change or release. Either way, you get it working again. For now. Later, you realize that you missed a subdomain when updating a cert. Then, you see a report that emails aren't being received. New users from an ad campaign are getting site errors. You've lost time, money, and reputation.
We've all been there. SSL Hound lets you inventory all of the places your SSL certificates are used and lets you know if there is an error. It is easy to use, and this guide will walk you through the process of monitoring your websites and services.
First, visit https://www.sslhound.com/ and create a new account. If you're using it as an individual, use your personal email. If you're using this as part of a team or organization, it's recommended you use a group email address like devops@your_org.
New accounts need to have their email address verified before they can receive notifications. The verification link is included in the welcome email that is sent when an account is created, but you can also request a new confirmation email from the dashboard.
This is also a good time to set your locale (English, French, and Spanish are supported) and time zone. Those preferences don't affect when things are checked, only the date/time format and the language of the website and notifications.
Once your account is created and configured, the next step is to add the websites and services that you want monitored. When creating a new monitored endpoint, the format should be a fully qualified URL like https://www.sslhound.com/. The path of the URL isn't used, so using "/" is fine.
Each monitored service is actually a combination of a protocol, host, and port. In the above example, the protocol is "https://". Trying to use "http://" would result in an error, because that isn't an SSL endpoint. When a port is omitted, it defaults to 443.
Every combination of protocol, domain, and port should be monitored separately. For example, if you have a naked domain, www subdomain, and then an additional SSL service running on a non-standard port on the www subdomain, all 3 should be added:
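To make the protocol/host/port rule concrete, here is an added example (not SSL Hound's own code) that reduces a list of URLs to the distinct endpoints worth monitoring and computes the days left on a certificate. The function names and the example.com sample URLs are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

def normalize(url):
    """Reduce a URL to the (protocol, host, port) triple that identifies an endpoint."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        raise ValueError(f"{url!r}: not an SSL endpoint (expected https://)")
    if not parts.hostname:
        raise ValueError(f"{url!r}: missing host")
    return ("https", parts.hostname.lower(), parts.port or 443)  # path is ignored

def build_inventory(urls):
    """Return (sorted unique endpoints, [(rejected url, reason), ...])."""
    endpoints, rejected = set(), []
    for url in urls:
        try:
            endpoints.add(normalize(url))
        except ValueError as exc:
            rejected.append((url, str(exc)))
    return sorted(endpoints), rejected

def days_until_expiry(not_after, now):
    """Whole days left, given a notAfter string in getpeercert() format and a Unix time."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def fetch_not_after(host, port, timeout=5.0):
    """Live check (needs network): verified TLS handshake, returns the notAfter string."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

# Constructed sample input using the reserved example.com domain.
SAMPLE = [
    "https://example.com/",
    "https://www.example.com/",
    "https://www.example.com/pricing",  # same endpoint as the line above
    "https://www.example.com:8443/",
    "http://www.example.com/",          # rejected: not an SSL endpoint
]

if __name__ == "__main__":
    endpoints, rejected = build_inventory(SAMPLE)
    for proto, host, port in endpoints:
        print(f"{proto}://{host}:{port}")
    for url, reason in rejected:
        print("rejected:", reason)
```

Five URLs collapse to three endpoints here, because two of them differ only by path and one is plain HTTP.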
On the dashboard, you can click the expand button for each monitored endpoint to view details, mute notifications, or delete it. This is handy because not all monitored endpoints are high priority. For example, your production and integration environments may warrant notifications when something is up, but if you have a development environment that bounces around a lot, being able to see the status but not getting notifications may cut down on noise.
When all of your monitored endpoints pass all of their tests, you'll see a green "Everything Is Fine" message at the top of the page. This is a quick and easy way to open the site and know that everything is OK.
If you are using PagerDuty, you can use the official integration. On the dashboard in the "Integrations" section, follow the link to configure the PagerDuty integration.
If you are using Terraform, you can use the SSL Hound provider plugin to create monitored endpoints programmatically and update them as your infrastructure configuration changes.
And that's it! Sit back, have a beverage, relax for a hot second, and move on to the other things on your list.