An expired SSL certificate instantly breaks your site for every visitor — browsers show a security warning and block access. Beacony monitors your TLS certificate expiry date via direct handshake and sends escalating warnings at 30, 14, 7, and 1 day so you always have time to renew.
Beacony sends a warning at each threshold — enough time to renew at each stage.
Early warning
First alert. Plenty of time to renew through any registrar or Let's Encrypt.
Reminder
Second alert. Certificate renewal should be in progress.
Urgent
Third alert. Renew immediately if you haven't already.
Critical
Final alert. Certificate expires tomorrow. All channels notified.
Expired — site is down
Beacony marks the monitor as DOWN and opens an incident. Visitors see a security warning.
No agents, no code changes. Add your domain name and Beacony reads the SSL certificate expiry date automatically via TLS handshake — no access to your server needed.
SSL expiry warnings go through all your configured alert channels — email, Slack, PagerDuty (Growth+), or webhook (Starter+) — at each warning threshold.
If the certificate has already expired, Beacony marks the monitor as DOWN immediately and opens an incident — not just a warning. Your on-call team is notified.
DV, OV, EV, wildcard, or multi-domain (SAN) certificates. Monitors any public HTTPS endpoint including non-standard ports (e.g. example.com:8443).
No — Beacony monitors and alerts, renewal is handled by you or your hosting provider. With warnings at 30, 14, 7, and 1 day before expiry, you have ample time to renew through your CA, Let's Encrypt, or your CDN provider.
Auto-renewal can fail silently due to DNS propagation issues, rate limits, or misconfigured certbot hooks — and you won't know until the cert expires. Beacony catches those failures at the 30-day mark, giving you a month to fix the renewal pipeline before any user sees an error.
SSL certificate checks run on your monitor's configured interval. Daily checks (every 24 hours) are sufficient since the expiry date only changes when a certificate is renewed. The 30-day warning threshold ensures you always have a full renewal window.
Yes. Specify the port directly in the domain field — for example, example.com:8443. Beacony performs the TLS handshake on that port and reads the certificate expiry date exactly as it does for standard port 443.