Example of configuring TLS(SSL)-certificate monitoring
This is an example of setting up monitoring to validate a TLS(SSL)-certificate so that 10 days before the certificate expires you receive an email notification.
1. Create a metric
-
In the dashboard, from the top menu, click Products and select Monitoring.
-
Make sure you have metrics available to create — in the top right corner, see the number of metrics created and the total number of metrics available. If all available metrics have been created, order additional metrics. Three metrics are available for free.
-
Click Create Metric.
-
Enter a name for the metric, for example Certificate Validation.
-
Optional: enter tags to filter in the metrics list.
-
Select SSL as the metric type.
-
In the Host/IP field, enter the domain for which the certificate is issued.
-
Select the protocol to be used for inspection — IPv4 or IPv6.
-
Select the check period — how often the check will be performed, e.g. every five minutes.
-
Select the validation timeout — the time to wait for a response from the server to the validation request, after which the validation will be considered unsuccessful, for example five seconds.
-
Select the sequence in which the checks are executed. The execution sequence determines from which test points the queries will be sent:
- sequentially — the tests will be performed one by one from each selected test point;
- in parallel — each check will be performed from all selected points simultaneously;
- random — the tests will be performed from a random point from the list of selected points.
-
Specify the connection port, the default port is 443.
-
Specify the period until the certificate expires — the number of days before the certificate expires when you want to be notified of the expiration, for example 10 days.
-
Select the inspection points from which to send requests. The points have IP addresses — if you have a firewall installed on your server, include these addresses in the firewall rules.
-
If you do not want certificate validation results to be displayed on the public monitoring statistics page for your account, uncheck the Output to public report checkbox.
-
If you do not want the certificate validation results to be included in the weekly report, select the Include in weekly email report checkbox .
-
Optional: test the metric — click Test Metric.
-
Click Create and Run.
2. Add an email for notifications
-
In the dashboard, from the top menu, click Products and select Monitoring.
-
Go to Reports and Notifications → Contacts tab.
-
Click Add Contact.
-
Enter the name of the contact, it will only appear in the control panel.
-
Select the contact type — Email.
-
Enter your mailing address.
-
Optionally, to ensure that notifications come only at certain times, check the Limit notification sending time checkbox and specify the sending time in the desired time zone.
-
Click Add.
-
An e-mail with a confirmation link will be sent to the specified e-mail address. To confirm your e-mail, open the link from the e-mail in any browser.
3. Set up email notifications
-
In the dashboard, from the top menu, click Products and select Monitoring.
-
Open the Metrics tab.
-
Open the metrics page you created in step 1 → Notifications tab.
-
Check the mail you added in step 2.
-
Click New Notification.
-
Select the event — Certificate Expired.
-
Choose whether to send the notification immediately when the metric detects the remaining certificate validity period (10 days) or after the required number of revalidations.If your certificate is automatically renewed and the renewal is delayed, we recommend that you choose to send the notification after revalidations. If the certificate has time to renew before the revalidation, the notification will not be sent.
-
If you do not want to be notified that the certificate has been reinstated, uncheck the Notify of reinstatement checkbox.
-
Click .