How does SSL and domain expiry monitoring work?
Monitor SSL certificate and domain expiration as part of your HTTP monitors - runs on a 24-hour schedule at no extra credit cost.
Expired SSL certificates break HTTPS services instantly - browsers refuse to load the page, APIs reject connections, and users see warning screens. Expired domains are even worse - your entire online presence disappears. UpCanary lets you monitor both as part of your HTTP monitors.
Not a Separate Check Type
SSL certificate and domain expiry monitoring are built into HTTP monitors - they are not standalone check types. You enable them as options when configuring an HTTP monitor for an HTTPS URL.
These checks run on a fixed 24-hour schedule, independent of your monitor’s regular check interval. If your HTTP monitor runs every minute, the SSL/domain expiry check still only runs once every 24 hours. This makes sense because certificates and domains don’t expire on a minute-by-minute basis.
No additional credits are consumed for these checks. They are included with the HTTP monitor at no extra cost.
SSL Certificate Monitoring
How to Enable
In the HTTP monitor configuration, find the SSL / Certificate section. SSL monitoring options are only available for HTTPS URLs.
Verify SSL
When enabled, the HTTP check itself will fail if the SSL certificate is:
- Already expired
- Self-signed and not trusted
- For a different domain (common name mismatch)
- Using a revoked or invalid chain
This is enabled by default. Disable it when intentionally monitoring internal services with self-signed certificates.
Warning Days
The number of days before certificate expiry at which to send a warning notification. This is your early signal to schedule renewal.
Recommended: 30 days
Critical Days
The number of days before certificate expiry at which to send a critical notification. This is your urgent signal - renewal should happen immediately.
Recommended: 7 days
Example Configuration
URL: https://yoursite.com
Method: GET
Expected Status: 200
Verify SSL: Yes
SSL Warning Days: 30
SSL Critical Days: 7
Interval: 5 minutesWith this configuration, UpCanary:
- Checks your site every 5 minutes for uptime (consumes credits at the 5-minute rate)
- Once every 24 hours, checks the SSL certificate expiry date (no extra credits)
- Sends a warning alert when the certificate is within 30 days of expiry
- Sends a critical alert when the certificate is within 7 days of expiry
- Fails the regular HTTP check immediately if the certificate is already invalid (when Verify SSL is on)
Common Scenarios
Let’s Encrypt certificates expire every 90 days. If your auto-renewal is misconfigured, a 30-day warning gives you ample time to diagnose and fix before users are affected.
Purchased certificates (1-year, 2-year) are easy to forget about. Set a 30-day warning and a 7-day critical to catch them before they lapse.
Wildcard and multi-domain certificates covering several subdomains can be monitored by enabling SSL checks on any one of the HTTP monitors targeting those subdomains.
Domain Expiry Monitoring
Domain registration expiry monitoring works the same way - it is an option on HTTP monitors that runs on a 24-hour schedule at no extra credit cost. When enabled, UpCanary checks how many days remain on your domain registration and alerts you based on your configured warning and critical thresholds.
This prevents your domain from lapsing, which would take your entire site offline regardless of SSL or server status.
Related Documentation
- HTTP / HTTPS Monitors - SSL monitoring is configured as part of HTTP monitors
- Monitor Overview - All monitor types and how they work
- Alerts & Notifications - Get notified before certificates expire
- Check Intervals & Credits - SSL checks run on a 24-hour schedule at no extra credit cost