Skip to main content

Adding a New Certificate Monitor

Creating a certificate monitor allows you to start tracking TLS/SSL certificates on any of your services. Navigate to Certificate Monitoring ➡️ Manage ➡️ Monitors and click the Add Monitor button in the top right corner.

cert-adding-a-new-monitor.png

Configuration Fields

The Display Name field lets you assign a friendly, human-readable name for this monitor. Use descriptive names that identify the service and purpose, such as "Production Web Server", "Mail Server - SMTP", or "Internal LDAP - US-East". This name appears in the monitors list, error reports, and alert notifications.

The Protocol dropdown defines how the system connects to your service and retrieves the certificate. Available protocols include:

  • HTTPS - Web servers and APIs
  • SMTPS / SMTP+STARTTLS - Mail servers
  • IMAPS / IMAP+STARTTLS - IMAP services
  • POPS / POP+STARTTLS - POP3 services
  • FTPS / FTP+STARTTLS - File transfer
  • LDAPS / LDAP+STARTTLS - Directory services
  • MySQL / PostgreSQL - Database connections
  • SIPS - VoIP services

The Hostname field accepts DNS hostnames like mail.example.com, IPv4 addresses like 192.168.1.100, or IPv6 addresses like [2001:db8::1]. IPv6 addresses must be enclosed in square brackets. Append :port to override the protocol's default port, such as mail.example.com:2500, 192.168.1.50:8443, or [2001:db8::1]:8443. When using DNS hostnames, the system performs A and AAAA lookups and monitors all returned IP addresses, making it ideal for load-balanced services.

note

Enter only the hostname or IP address — do not include a protocol prefix (e.g., https://) or any other text. The port, if needed, is the only addition permitted (e.g., mail.example.com:2500).

The Profile dropdown determines validation rules and alert thresholds for this monitor. The default "Public Profile (Default)" is configured for publicly trusted certificates with standard expiration thresholds. Create custom profiles for specific use cases, internal services with private CAs, or to adjust alert thresholds based on certificate renewal lead times.

The Contact Group(s) selection specifies who receives alerts when certificate issues are detected. Select one or more contact groups from the available options — the "Default Contacts (Default)" group is pre-selected. Contacts in all selected groups receive alerts. Manage contact groups and notification methods (email, SMS, Slack, etc.) in the Contacts section of your account.

The Tags field lets you organize and filter monitors using custom labels for easier management. Common tag categories include:

  • Environment: production, staging, development
  • Service type: webserver, mailserver, database, ldap, api
  • Team: devops, platform, security
  • Location: us-east, eu-west, datacenter-1, aws, on-prem
  • Criticality: critical, high-priority, customer-facing
info

Billing for this monitor will begin immediately after you click Add Monitor. Each active monitor counts toward your account's monitor limit.

After Adding

Once created, the system immediately performs an initial certificate check and adds the monitor to your list. Click the Report link to view the full certificate chain analysis, validation results, expiration dates, issuer information, and any warnings or errors.

If you encounter connection errors, verify the hostname resolves correctly, the service is running, the protocol matches the service, and any custom port is specified correctly. For certificate errors, confirm TLS/SSL is enabled and verify STARTTLS support for protocols that require encryption upgrades.