Skip to content
StatusOwlDocs

SSL & domain expiry monitor

Get notified before your SSL certificate or domain expires.

Last updated May 9, 2026

Expired SSL certificates and lapsed domain registrations are preventable causes of outages. StatusOwl tracks both so you never get caught off guard.

SSL and domain monitoring are available on Starter and above — see the pricing page for plan details.

SSL certificate monitor

When you add an SSL monitor, StatusOwl performs a TLS handshake against your hostname and inspects the certificate the server presents. It checks:

  • Certificate validity (not expired, valid signature, hostname match).
  • Days remaining until expiry.
  • Public CA trust chain — self-signed certificates are rejected.

The monitor evaluates the leaf certificate the server presents — the same certificate a browser would. Intermediate-chain completeness is not separately asserted; if the server is misconfigured to omit an intermediate, the TLS handshake fails and the monitor reports an error, which is the same outcome a real browser would experience.

The default check interval is 60 minutes.

Domain expiry monitor

StatusOwl queries WHOIS data for your domain and tracks the registration expiry date. The default check interval is once per day — WHOIS rate limits make high-frequency polling counter-productive, and registration expiries change on the order of months.

Private WHOIS

Many registrars (Cloudflare Registrar, NameSilo, Namecheap with WHOIS privacy) redact expiry dates from public WHOIS. In that case the monitor reports an error status — it can tell you a check ran, but it can't read the date. Use your registrar's dashboard or auto-renew setting as a fallback for those domains.

Alert thresholds

Each SSL or domain monitor has two threshold settings:

  • warning_days — fire a warning when the certificate / registration is fewer than this many days from expiry. Default: 30 days.
  • critical_days — fire a critical alert when fewer than this many days remain. Default: 7 days.

For SSL monitors you can override the defaults at creation time. Domain monitors currently use the defaults; per-domain customization is on the roadmap.

Reading the dashboard

Each SSL or domain monitor has its own detail view showing:

  • Current days-until-expiry, color-coded against your thresholds.
  • Last-checked timestamp and last-error reason.
  • The full text of the certificate (SSL) or the WHOIS record fields (domain).

When the monitor crosses warning_days or critical_days, an alert fires through every integration that has the corresponding event enabled — see the integrations overview.