SSL certificates expire. And when they do without warning, your users see "Your connection is not private," your SEO rankings tank, and trust takes a hit.
The frustrating part? Expiry is completely predictable. This guide walks you through setting up SSL certificate expiry alerts in about 5 minutes using Vigilmon's free tier.
Why SSL Certificates Expire Without Warning
SSL/TLS certificates have a defined validity period — 90 days for Let's Encrypt, 1-2 years for commercial CAs. The problem isn't expiry; it's that teams rarely have reliable alerting in place.
Common failure modes:
- Auto-renewal configured but cert-manager silently fails
- Renewed on the wrong server (load balancer vs. origin)
- Cert chain issues that browsers reject
- Certificate deployed to the wrong domain
Setting Up SSL Monitoring with Vigilmon
Vigilmon monitors your SSL certificates from multiple regions and alerts you when:
- Certificate expires within 30 days
- Certificate expires within 7 days
- Certificate has already expired (emergency alert)
- SSL handshake fails (configuration issues)
Step 1: Sign up for free
Head to vigilmon.online and create a free account. The free tier includes:
- Up to 3 monitors
- SSL certificate monitoring
- Email alerts
- 5-minute check intervals
No credit card required.
Step 2: Create an SSL monitor
From the dashboard, click + New Monitor, enter your domain URL, and select HTTPS as the monitor type. That's the whole setup.
Or use the API:
curl -X POST https://api.vigilmon.online/api/monitors \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Production SSL",
"url": "https://yourdomain.com",
"type": "https",
"interval": 5
}'
Vigilmon immediately starts checking your certificate from multiple geographic regions.
Step 3: Configure alert thresholds
By default, Vigilmon sends alerts when your certificate has 30 days remaining, 7 days remaining, and when it has expired. You can customize these thresholds in monitor settings.
Why Multi-Region SSL Monitoring Matters
Here's something most teams overlook: your SSL certificate might be valid from one location but failing from another.
This happens when:
- CDN edge nodes cache the old certificate
- Your load balancer serves a different cert than your origin
- Regional DNS routes traffic to different servers
Vigilmon checks your SSL from multiple regions (US, EU, Asia-Pacific) simultaneously. If your cert is failing in EU but not US — because CloudFront hasn't propagated a renewal to edge nodes yet — you'll know exactly where to look.
Single-region monitoring misses these partial failures entirely.
What the Alert Includes
When Vigilmon fires an SSL alert, it includes:
- Days until expiry
- Certificate issuer and subject
- Subject Alternative Names (SANs)
- Which region(s) detected the issue
Enough context to diagnose without logging into every server.
What to Do When You Get an Alert
30-day warning: Check your auto-renewal setup. Manually trigger a renewal if needed:
# Renew with certbot
certbot renew --cert-name yourdomain.com
# Verify the new cert is live
openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null \
| openssl x509 -noout -dates
7-day warning: Treat as urgent. Something failed in your renewal pipeline.
Expired alert: Your cert is gone. Renew immediately and check all regions.
The 5-Minute Setup Checklist
- [ ] Sign up at vigilmon.online (free, no card)
- [ ] Add all production domains as HTTPS monitors
- [ ] Verify a test alert lands in your inbox
- [ ] Set a second notification channel (email + Slack)
Stop Relying on Memory
SSL certificate expiry is a solved problem. You shouldn't be tracking renewal dates in a calendar or checking domains manually.
Set up a free SSL monitor at vigilmon.online — 5 minutes, free tier covers 3 domains, no credit card required.
Top comments (0)