Docs

Configure alert channels, severity, and retries.

Each certificate event creates delivery rows for configured channels. Transient failures retry on a fixed schedule before dead-letter status.

Alert route

Critical warnings are routed

Slack + email

Expiry, validation, and certificate-change events keep the route and delivery attempts attached to the hostname.

SeverityFinal-week expiry
Slack#certificates delivered
WebhookSigned payload ready
Alert routing

Route warnings by workspace, hostname, channel, and severity.

Alert routes show which events go to Slack, email, or signed webhooks before a missed warning becomes a second problem.

01

Event types

Expiry, validation, and certificate-change events are grouped by severity so teams can decide which channels receive early reminders, final-window warnings, critical failures, and review events.

  • Use expiry thresholds for renewal planning and urgent deadlines.
  • Use validation failures for broken or untrusted public serving state.
  • Use certificate-change events when public certificate metadata deserves review.
Certificate event behavior
Event typeWhen it appearsCommon severity
Expiry warningCertificate crosses a configured threshold such as 30, 14, 7, 3, or 1 day.Early to urgent based on window.
ExpiredThe served certificate is past its Not After date.Critical.
Validation failureHostname mismatch, untrusted chain, active-window, parse, or other validation problem.Critical for customer-facing endpoints.
Certificate changeIssuer, SANs, serial, fingerprint, validity, chain depth, or validation state changed after a successful check.Review unless paired with a validation failure.
Delivery failureA configured channel failed, retried, or became dead-lettered.Operational cleanup for the alert path.
02

Supported channels

Domain Trust Watch supports email, Slack incoming webhooks, and signed customer webhooks for certificate event delivery.

Channel fit
ChannelBest forWatch for
Email30-day and 14-day reminders, shared inboxes, and searchable renewal records.Do not rely on email alone for final-week critical failures.
SlackWatched operational channels for urgent expiry and validation failures.Rotate stale incoming webhook URLs and test after channel changes.
Signed webhookTicketing, inventory, or incident automation.Verify signatures and handle retries idempotently.
03

Retry policy

Transient delivery failures retry at 5 minutes, 15 minutes, 1 hour, 4 hours, and 24 hours before dead-letter status.

  • Successful deliveries remain attached to the event.
  • Repeated receiver, provider, or network failures become visible as failed or dead-lettered delivery rows.
  • Use dead-letter status as channel cleanup work, not as proof the certificate is healthy.
04

Delivery logs

Delivery history shows the channel, status, attempts, and provider error text available to the product.

  • Check logs after test deliveries.
  • Review retries and dead-letter outcomes when warnings do not arrive.
  • Use provider errors to clean up stale channels.
Need a live read first?

Check the endpoint before changing monitor settings.

Run the checker when you need to confirm the served certificate, then use the docs for setup details.