Adjusting Certificate Expiration Alert Thresholds

Certificate expiration alert thresholds determine when you receive notifications as certificates approach their expiration date. These thresholds are configured in monitoring profiles, allowing you to apply different alert schedules to different groups of monitors.

Configuring Thresholds

Navigate to Certificate Monitoring ➡️ Manage ➡️ Profiles and either create a new profile or edit an existing one. In the Expiration Alert Threshold (in days) section, you can specify up to 10 values between 0 and 90 days. Click to add threshold values, and click the X to remove them.

When a certificate's remaining lifetime reaches any of these thresholds, the system sends an alert to all contact groups associated with that monitor. For example, with thresholds set to 60, 30, and 7 days, you'll receive alerts at 60 days before expiration, again at 30 days, and finally at 7 days.

Common Threshold Strategies

Aggressive monitoring with many thresholds provides frequent updates but may generate more notifications. Example values: 90, 60, 45, 30, 15, 7, 3, 1, 0 days.

Standard monitoring balances advance warning with notification frequency. Example values: 60, 30, 15, 7, 0 days.

Minimal monitoring reduces notification volume for less critical services. Example values: 30, 7, 0 days.

Adjust thresholds based on how quickly you can renew certificates. Services with lengthy approval processes may need longer advance notice, while automated certificate renewal systems like Let's Encrypt can use shorter thresholds.

Applying Changes

Profile changes immediately affect all monitors using that profile. Review the profiles list to see how many monitors use each profile before making changes. If you need different thresholds for different services, create separate profiles and assign them appropriately. See best practices for threshold strategy recommendations.