Setting up SSL monitoring takes less than 5 minutes and eliminates one of the most preventable causes of website downtime. This guide walks through the full process — from choosing a monitoring approach to setting up team alerts.

Before You Start: Know Your Certificates

Before setting up monitoring, make a list of everything that needs to be monitored:

Websites

Your main domain (example.com.au)
Any subdomains (shop.example.com.au, app.example.com.au)
Staging/test environments if they're customer-facing

Other services

API endpoints (api.example.com.au)
Email servers (mail.example.com.au)
Any customer-facing portals

It's common to discover 3–4 certificates you didn't know you were responsible for. Find them now rather than during an outage.

Step 1: Choose Your Monitoring Approach

Option A: Automated Monitoring Service (Recommended)

Tools like CertGuard check your certificates on a schedule and alert you before expiry. Setup is 2 minutes per domain, no technical access to your server required.

Best for: Most businesses. Requires no technical knowledge.

Option B: Cron Job + Script (Technical)

If you manage your own servers, you can write a shell script that checks certificates and emails you:

#!/bin/bash
# Linux only — macOS uses BSD date and requires a different date parsing command
DOMAIN="example.com.au"
DAYS_WARN=30

EXPIRY=$(echo | openssl s_client -connect $DOMAIN:443 -servername $DOMAIN 2>/dev/null \
  | openssl x509 -noout -enddate 2>/dev/null \
  | cut -d= -f2)

EXPIRY_SECONDS=$(date -d "$EXPIRY" +%s)
NOW_SECONDS=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_SECONDS - $NOW_SECONDS) / 86400 ))

if [ $DAYS_LEFT -le $DAYS_WARN ]; then
  echo "WARNING: $DOMAIN certificate expires in $DAYS_LEFT days" \
  | mail -s "SSL Expiry Warning" you@example.com.au
fi

Run this daily via cron. Requires server access and a working mail server.

Best for: Developers who want full control.

Option C: Hosting Provider's Built-in Alerts

Some hosting providers (WP Engine, Kinsta, cPanel-based hosts) manage and auto-renew SSL certificates — check your hosting dashboard to see if renewal notifications are included.

Best for: Businesses whose hosting provider already includes this.

Step 2: Set Up CertGuard (Option A Walkthrough)

Create Your Account

Go to certguard.au and click "Get Started"
Sign up with Google, GitHub, or email
Verify your email

Add Your First Domain

From the dashboard, click "Add Monitor"
Enter your domain: yourdomain.com.au (no need for https://)
CertGuard immediately runs the first check and shows your certificate details
Set alert thresholds — recommended: 30 days, 14 days, 7 days
Click Save

You'll see your certificate's expiry date, issuer, and days remaining right away.

Add More Domains

Repeat for each domain on your list. The free tier covers 3 domains. Pro ($9.99/month) covers up to 25.

Step 3: Configure Alert Channels

Email alerts are set up automatically. For team alerting:

Slack Integration

Go to Dashboard → Integrations → Add Integration
Select Slack
Click "Add to Slack" and authorise CertGuard
Choose the channel for alerts (e.g., #infrastructure or #alerts)
Click Save

Now the whole team gets notified — not just whoever owns the email account.

Microsoft Teams

Microsoft retired the legacy Office 365 Connectors feature for Teams in early 2025. The recommended approach is to use Workflows (Power Automate) to create an incoming webhook:

In Teams, go to your chosen channel → Workflows → "Post to a channel when a webhook request is received"
Copy the generated webhook URL
In CertGuard: Integrations → Add → Webhook → paste the URL

Alternatively, use the CertGuard webhook integration with your own Power Automate flow.

Generic Webhook (PagerDuty, Opsgenie, etc.)

Create an incoming webhook in your alerting tool
In CertGuard: Integrations → Add → Webhook → paste the URL
CertGuard sends JSON payloads you can route to any system

Step 4: Test Your Alerts

Don't trust a monitoring setup you haven't tested. Most monitoring tools have a "Send Test Alert" button — use it immediately after setup.

Verify:

✅ Email arrives in the right inbox (not spam)
✅ Slack message appears in the right channel
✅ The alert contains the domain name and days remaining
✅ The acknowledge/dismiss link works

Do this for each integration you've configured.

Step 5: Set Up for Your Whole Team

SSL expiry shouldn't be one person's responsibility — it should be the team's.

Who Should Receive Alerts?

Dev/Ops team — for all technical domains (APIs, subdomains)
IT Manager — as a backup for all critical domains
Website manager — for customer-facing domains

Use Slack/Teams channels rather than individual emails so alerts don't disappear when someone's on holiday.

Document It

Add a section to your team's runbook:

Where SSL monitoring is configured
What to do when an alert fires (who to contact, where to renew)
How to add new domains when they're created

This prevents the "only one person knew the password" problem.

Step 6: Audit Every 6 Months

Set a calendar reminder for every 6 months to:

Check that all current domains are being monitored
Remove domains that no longer exist
Add any new domains that were created
Verify all integrations are still sending alerts (run the test alert)

Team changes, new products, and infrastructure changes all create gaps. A regular audit catches them.

Common Mistakes to Avoid

Monitoring only the apex domain example.com.au and shop.example.com.au may have separate certificates. Monitor both.

Trusting auto-renewal without monitoring Let's Encrypt auto-renewal can fail silently (expired domain, wrong email, DNS issues). Monitoring catches this.

Using a personal email for alerts If you leave the company, the alerts go to your personal inbox. Use a shared inbox or team channel.

Setting alert thresholds too low A 3-day alert doesn't give you enough time if you're on leave. 30 days is the minimum recommended first alert.

You're Done

Properly set up SSL monitoring looks like this:

All domains monitored (apex, subdomains, APIs)
Alerts going to a team channel or shared inbox
Alert thresholds set to 30, 14, 7 days
Test alert confirmed working
Documented in the team runbook
Calendar reminder for 6-month audit

Total setup time: 15–30 minutes. The cost of not doing it — certificate expiry, visitor loss, emergency renewals at 2am — is considerably higher.

Monitor Your SSL Certificates Automatically

CertGuard monitors your certificates automatically and alerts you before anything expires. Free for up to 3 domains.

Start Free →

Guides

SSL Certificates Explained for Non-Technical Business Owners

No jargon, no acronyms. Here's what SSL certificates actually are, why your business needs one, and what happens if yours lapses — in plain English.

Security

ISO 27001 and SSL Certificate Management: Building a Compliant Certificate Program

ISO 27001 requires formal controls for cryptographic key and certificate management. Here's how to build an SSL certificate management program that satisfies auditors.

Monitoring

Best SSL Certificate Monitoring Tools for Australian Businesses

Comparing the top SSL monitoring tools available in Australia — features, pricing, and which one is right for your business size.

How to Set Up SSL Monitoring for Your Business (Step-by-Step)