SSL Certificate Monitoring

SSL Certificate Monitoring

PulseAPI can monitor your SSL certificates and alert you before they expire. This article explains how SSL monitoring works and how to configure expiry alerts.

How SSL Monitoring Works

Every check PulseAPI makes to an https:// endpoint includes SSL validation by default. If the SSL certificate is invalid — expired, doesn't match the hostname, or has a broken trust chain — the check is recorded as a failure.

This means you get automatic SSL failure detection built into every monitor. You don't need to configure anything extra to detect an expired or broken certificate.

SSL Certificate Expiry Alerts

SSL validation tells you when a certificate is already broken. Expiry alerts tell you when a certificate is about to expire — giving you time to renew it before your users see any errors.

To set up an expiry alert:

  1. Create an alert rule with a SSL Certificate Expiry condition.
  2. Set the threshold to the number of days before expiry you want to be notified (e.g., 30 days, 14 days, 7 days).
  3. Assign a notification channel.

We recommend creating two rules: one at 30 days (low priority, advance warning) and one at 7 days (high priority, urgent action needed).

See Alert Rule Conditions: SSL Certificate Expiry for step-by-step instructions.

Disabling SSL Verification

If you're monitoring an endpoint with a self-signed certificate (common for internal tools and staging environments), SSL verification will cause every check to fail because the certificate can't be verified against a public CA.

To disable verification for these monitors:

  1. Open the monitor (create or edit form).
  2. Toggle SSL Verification to off.
  3. Save the monitor.

Warning: Only disable SSL verification for internal or staging endpoints where you control the certificate. Never disable it for public production endpoints — if a production cert is invalid, your users are seeing errors and you need to know about it.

What SSL Errors Look Like in Check History

When SSL validation fails, the check history shows a Failed status with an error message indicating the SSL issue:

  • SSL certificate expired — the cert's expiry date has passed
  • SSL certificate hostname mismatch — the cert doesn't cover the hostname you're monitoring
  • SSL certificate untrusted — the cert chain can't be verified (self-signed or missing intermediate CA)
  • SSL handshake failed — a general TLS negotiation error

Related Articles

Still have questions? Contact support.

    • Related Articles

    • Authentication Options for Monitors

      If the endpoint you want to monitor requires authentication, PulseAPI needs to send credentials with each check. This article explains the supported authentication methods and how to configure them. Option 1: Basic Authentication Basic auth sends a ...

    • SSL Certificate Errors and Warnings

      This article explains the SSL errors you might see in PulseAPI check history and how to resolve each one. Common SSL Errors SSL certificate expired What it means: The certificate's validity period has ended. Browsers and PulseAPI both reject expired ...

    • Alert Rule Conditions: SSL Certificate Expiry

      An SSL expiry alert rule fires when your monitor's SSL certificate will expire within a specified number of days. This gives you advance warning before your certificate expires and causes real failures. How It Works PulseAPI reads the SSL certificate ...

    • Creating a Monitor

      This article explains how to add a new monitor (endpoint) to PulseAPI. After completing these steps, PulseAPI will begin checking the URL on your configured schedule and alert you if it goes down. Prerequisites: You must be a team Owner, Admin, or ...

    • Monitor Settings Reference

      This article describes every field in the monitor create/edit form. Use it as a reference when configuring a monitor or troubleshooting unexpected behavior. Basic Settings Name A label for the monitor. Appears in the dashboard, incident ...