Blog
Practical certificate monitoring guides for operational decisions.
Use these articles when you need to choose expiry windows, route probe failures, verify a renewed certificate, or adjust monitoring after policy and platform changes.
Reading path
Guidance turns into setup
Articles connect the operational decision to checker, docs, monitoring, and routing workflows.
Editorial index
Read by the certificate operation in front of you.
The articles are arranged as operational paths: expiry pressure, probe failure, renewal closeout, and policy change.
Start with the expiry monitoring guide when you are deciding which public hostnames need recurring checks, which warning windows to use, and how to verify a renewal after the CA issues a certificate.
Read expiry guide02Probe failuresA TLS probe failed and I need to route itUse the probe-failure guide when the result is DNS, TCP, TLS handshake, hostname mismatch, expired, not-yet-valid, trust-chain, or parse failure and the first owner is unclear.
Read probe guide03Renewal checklistA renewal is in progressUse the renewal checklist to confirm scope, SANs, deployment targets, service reloads, public SNI checks, monitor events, and the final served certificate before closing the task.
Read checklist04Lifetime policyCertificate lifetimes or reminder sources changedUse the policy and ecosystem articles when shorter lifetimes, external reminder changes, or Cloudflare edge and origin behavior affect how your team plans warnings.
Read lifetime guideA complete certificate record for one monitored endpoint.
Monitor detail keeps the served certificate, SAN coverage, fingerprint history, check timeline, and alert delivery attempts attached to the hostname.
Article library