The certificate was renewed, but the edge still serves the old one.
Track the served certificate at the edge so CDN, load-balancer, and platform moves do not hide stale certificates.
Customer-facing SSL/TLS risk
Domain Trust Watch checks the domains and subdomains your team depends on. See when api.example.com has 14 days left, whether Slack received the warning, and whether the renewed certificate is actually served.
Workspace preview
api.domaintrustwatch.com
Validcheckout.example.com
Warningidp.example.com
Issuer changedThe overview shows monitored hostnames, renewal pressure, certificate changes, and whether critical warnings reached Slack, email, or webhook routes.
Where certificate work breaks
Renewals, CDN changes, and alert ownership rarely live in one clean system. Domain Trust Watch keeps the served certificate, deadline, warning route, and delivery evidence attached to the monitored hostname.
Track the served certificate at the edge so CDN, load-balancer, and platform moves do not hide stale certificates.
Attach labels, routes, and workspace ownership to the hostname instead of leaving context in tickets.
Keep delivery attempts beside the certificate event so cleanup is obvious before the next deadline.
What changes
The product is not just another reminder. It connects the failure mode to the operational proof a team needs when ownership shifts.
What the team sees
Each alert points back to the monitor, served certificate, and delivery trail, so the next action is easier to trust.
Action needed: expires Jun 18, issuer Lets Encrypt, checked 6 minutes ago.
api.example.com has 14 days left. Next action: Renew before the final week.
Delivered to Slack #platform-alerts after 1 attempt.
42 accepted, 3 duplicates, 2 malformed rows.
Monitor detail keeps the served certificate, SAN coverage, fingerprint history, check timeline, and alert delivery attempts attached to the hostname.
Certificate work gets easier when expiry, served certificate state, ownership, and alert delivery live in one visible record.
Domain Trust Watch gives our team one place to check the certificate actually served at the edge, the renewal window, and whether the warning reached the right channel.
“The useful part is the delivery trail. We can see the monitor, issuer, expiry, and alert delivery state without asking three people to confirm what happened.”
“It catches the drift calendar reminders miss. That matters when domains move between hosting, CDN, and client-owned DNS accounts.”
“The team stopped guessing where alerts went. Having Slack, email, and webhook delivery attempts beside the certificate event makes expiry cleanup much easier to trust.”
“Client handoffs are less fragile now. We can keep client domains, owners, renewal context, and certificate evidence in one operating record instead of scattered tickets.”
How it works
A small workflow, built around the thing customers actually touch.
Domain Trust Watch reads the certificate actually served by the domain or subdomain users connect to, not the renewal date copied into a calendar.
Warnings go to the route attached to that monitored hostname, with delivery attempts visible next to the event.
Snapshots preserve issuer, SANs, fingerprint, chain depth, expiry, and validation state after renewals or edge changes.
Workspace
Add one hostname, run a live check, bulk import the rest, and route warnings to the channels your team already watches.
Start with one hostname
Use the free checker to see the certificate served right now. Add monitoring when the hostname needs renewal warnings, change history, and routed alerts.