Docs

Configure one monitored hostname.

A monitor represents one public TLS target, its check settings, and the certificate history attached to that hostname.

Reading path

Guidance turns into setup

Next steps

Articles connect the operational decision to checker, docs, monitoring, and routing workflows.

CheckRun one hostname now
LearnRead certificate monitoring docs
RouteSend urgent warnings
Monitor list

Filter public hostnames by status, tag, issuer, and deadline.

The monitor table keeps expiry, issuer, latest check, next check, and alert routing visible without rerunning terminal commands.

01

Endpoint fields

Hostname and port define the TCP target. SNI can be overridden when the endpoint presents a certificate based on a different server name than the connection hostname.

  • Use the public hostname users, customers, or API clients connect to.
  • Keep port 443 unless the service intentionally uses another TLS port.
  • Use SNI override only when the TLS server name must differ from the connection hostname.
Monitor field reference
FieldWhat it controlsDefault or example
HostnameThe public domain or subdomain to connect to.api.example.com
PortThe TCP port checked for TLS.443 unless the service intentionally uses another TLS port.
SNI hostnameThe server name sent during TLS negotiation.Usually the same as hostname; override for origin or load-balancer tests.
LabelHuman-readable name in monitor lists.Production API
TagsFiltering context for client, environment, owner, vendor, or system.prod, platform, client-a
ThresholdsExpiry windows that create warning events.30, 14, 7, 3, and 1 days.
CadenceHow often scheduled checks run for the plan.Plan-dependent; immediate test is available after setup.
Pause/resumeTemporarily stops or restarts scheduled checks.Use for intentional retirements, not unresolved failures.
Test nowRuns an immediate check after edits, renewal, DNS, CDN, or channel changes.Use before closing renewal work.
02

Labels, tags, and context

Labels make monitor lists readable. Tags support client, system, environment, vendor, and responsible-team grouping.

  • Use labels for the human-readable endpoint name.
  • Use tags for client, environment, system, vendor, or renewal contact.
  • Keep tags consistent before bulk imports grow the workspace.
03

Checks and lifecycle actions

Monitors can be tested immediately, paused, resumed, edited, or deleted. Test now is useful after renewal, CDN changes, DNS edits, or alert-channel changes.

04

Snapshots and events

Successful checks attach certificate snapshots to the monitor. Expiry, validation, and certificate-change events are generated from those checks and sent according to alert settings.

  • Snapshots include issuer, subject, SANs, validity dates, serial, fingerprint, chain depth, and validation state.
  • Events preserve the monitor identity so alerts, delivery attempts, and history stay attached to the hostname.
  • Use test now after SNI changes to confirm the monitor is checking the intended TLS server name.
Need a live read first?

Check the endpoint before changing monitor settings.

Run the checker when you need to confirm the served certificate, then use the docs for setup details.