This article explains the SSL errors you might see in PulseAPI check history and how to resolve each one.
What it means: The certificate's validity period has ended. Browsers and PulseAPI both reject expired certificates.
Fix: Renew the certificate through your certificate authority (CA) or hosting provider. Most managed hosting platforms (AWS, Heroku, Netlify, etc.) handle renewal automatically — check your provider's documentation.
Prevention: Set up an SSL expiry alert rule with a 30-day warning.
What it means: The certificate was issued for a different hostname than the one you're monitoring. For example, a cert for www.yourapp.com will fail on api.yourapp.com.
Fix: Issue a new certificate that covers the correct hostname, or use a wildcard certificate (*.yourapp.com) if you're monitoring multiple subdomains.
What it means: PulseAPI can't verify the certificate against a trusted root CA. This happens when:
Fix for self-signed certs: Disable SSL verification on the monitor (only appropriate for internal/staging endpoints you control). See Monitor Settings Reference.
Fix for incomplete chain: Install the full certificate chain on your server. Most SSL providers give you a "bundle" or "chain" file — ensure it's included in your server configuration.
What it means: A general TLS negotiation error. Can be caused by:
Fix: Review your server's TLS configuration. PulseAPI supports TLS 1.2 and 1.3. If your server is restricted to older TLS versions, update its configuration.
Disable SSL verification only for:
Never disable SSL verification for public production endpoints. If the cert is invalid, your users are getting browser security warnings.
To disable: edit the monitor → toggle SSL Verification off.
Still have questions? Contact support.