Endpoint fields
Hostname and port define the TCP target. SNI can be overridden when the endpoint presents a certificate based on a different server name than the connection hostname.
- Use the public hostname users, customers, or API clients connect to.
- Keep port 443 unless the service intentionally uses another TLS port.
- Use SNI override only when the TLS server name must differ from the connection hostname.
| Field | What it controls | Default or example |
|---|---|---|
| Hostname | The public domain or subdomain to connect to. | api.example.com |
| Port | The TCP port checked for TLS. | 443 unless the service intentionally uses another TLS port. |
| SNI hostname | The server name sent during TLS negotiation. | Usually the same as hostname; override for origin or load-balancer tests. |
| Label | Human-readable name in monitor lists. | Production API |
| Tags | Filtering context for client, environment, owner, vendor, or system. | prod, platform, client-a |
| Thresholds | Expiry windows that create warning events. | 30, 14, 7, 3, and 1 days. |
| Cadence | How often scheduled checks run for the plan. | Plan-dependent; immediate test is available after setup. |
| Pause/resume | Temporarily stops or restarts scheduled checks. | Use for intentional retirements, not unresolved failures. |
| Test now | Runs an immediate check after edits, renewal, DNS, CDN, or channel changes. | Use before closing renewal work. |