CertWatch runs a daily SSL, DNS, and WHOIS check on every domain you give it, and emails you before something breaks. No agents, no dashboards to remember to open, no cron jobs to maintain yourself.
A real TLS handshake against your domain on port 443. We read the peer certificate, parse notAfter, and alert at 60, 30, 14, 7, 3, and 1 days before expiry. Cert verification failures trigger an immediate alert.
WHOIS lookup against the registrable apex. We catch the domain itself expiring, not just the cert on it. Escalating alerts at 90, 60, 30, 14, 7, 3, and 1 days.
A-record resolution via public resolvers. If your domain stops resolving, you hear about it within 24 hours. One alert per calendar day of outage so your inbox stays sane.
Registrars only warn about their own records. They don't watch your Let's Encrypt certs on hosts they don't manage. CertWatch watches the certificate that is actually serving traffic.
Auto-renewal works until it doesn't. A broken renewal hook, a changed DNS provider, a deprecated challenge type. The failure is silent until the cert expires. CertWatch makes it loud.
Each threshold per expiry date fires exactly once. A healthy portfolio of 50 domains produces roughly zero emails per month until something is actually about to break.
Yes. The Pro and Team plans are sized for MSPs. Alerts go to your inbox. You remain the operator; we just tell you what's coming.
Subscription ends at the current period. Your data is retained for 30 days in case you come back, then permanently deleted.
Built by a South Florida MSP operator. It monitors our own book of domains, too. If it fails for you, it has probably already failed for us.