Monitoring SSL/TLS Certificate Expiration
Don't let an expired certificate bring your site down. Learn how to use supaguard to monitor SSL expiration and get alerted before users see a security warning.
An expired SSL/TLS certificate is one of the most common—and avoidable—causes of website downtime. While general uptime checks tell you if the site is "up," an SSL Monitor ensures your security layer is valid.
Why Monitor SSL?
- Browser Blockers: Modern browsers prevent users from accessing sites with expired or invalid certificates.
- Brand Trust: Security warnings ("Your connection is not private") drive away 70% of potential traffic.
- Search Ranking: Google penalizes sites with security configuration issues.
How to Create an SSL Monitor in supaguard
While supaguard focuses on Playwright browser journeys, you can easily create a dedicated "Security Check" using our standard execution engine.
Method 1: Playwright-Native Assertion
You can check if the page loaded securely and inspect the certificate details via the request or response object.
import { test, expect } from '@playwright/test';
test('verify ssl certificate is valid', async ({ page }) => {
const response = await page.goto('https://your-site.com');
const securityDetails = await response.securityDetails();
// 1. Assert that the protocol is secure
expect(securityDetails.protocol()).toContain('TLS');
// 2. Alert if certificate expires in less than 30 days
const validUntil = securityDetails.validTo();
const daysRemaining = (validUntil * 1000 - Date.now()) / (1000 * 60 * 60 * 24);
expect(daysRemaining).toBeGreaterThan(30);
});Method 2: API-Based SSL Check
If you only want to check the certificate without loading the full browser UI, use a lightweight API check.
test('api ssl check', async ({ request }) => {
const response = await request.get('https://api.your-app.com');
const security = await response.securityDetails();
expect(security.subjectName()).toBe('your-app.com');
expect(Date.now() / 1000).toBeLessThan(security.validTo());
});Recommended Monitoring Strategy
| Check Type | Frequency | Goal |
|---|---|---|
| Critical Journeys | 1 - 5 mins | Ensure users can buy/login. |
| SSL Expiration | 24 hours | Catch expiration weeks in advance. |
| Global Uptime | 5 - 10 mins | Verify availability across regions. |
Alerting Best Practices
For SSL checks, we recommend a specific Alert Policy:
- Channel: Send to your
#security-alertsor#opsSlack channel. - Threshold: One single failure is enough to investigate.
- Remediation: If an alert fires, check your certificate provider (e.g., Let's Encrypt, DigiCert) for auto-renewal failures.
[!IMPORTANT] Unlike Datadog, which charges a premium for dedicated "SSL Tests," supaguard allows you to run these as standard checks within your existing credit pool.
Next Steps
Quick Start Guide: Set Up Synthetic Monitoring in 5 Minutes
Get started with supaguard in minutes. Create an account, set up your organization, create your first check, and configure alerts.
Synthetic Monitoring Checklist: 30-Point Guide for SaaS Reliability
Use this practical synthetic monitoring checklist to improve uptime, catch broken user flows, and build a reliable incident response process for SaaS applications.