LetsMonitor.org - Monitoring certificates


#1

https://letsmonitor.org

We built this for our internal use, but decided to make it our community project. It is highly scalable, free, and will always be free. It is a globally distributed monitoring service that checks for missing, expiring or misconfigured certs and alerts multiple recipients via SMS or email. This is intended to be a third-party supplement to the email expiration notifications LetsEncrypt already sends out.

With 90 day expirations, it can get a little tricky validating all your certs are up to date and functioning.


Let's Monitor site
Let's Monitor site
List of SSL/TLS related tools and tests you use?
#2

Were you trying to rip off the look of the LE home page, or was that an accident?


#3

Registered an account and put one of my sites on. For some reason it queried a subdomain and was constantly alerting me of connection issues due to a certificate mismatch.


#4

Can I provide it my CA cert so it will recognize my self-signed site certs?


#5

Very odd. No matter what method I use, I’m getting a cert back with the alternate names ‘mail’ and ‘calendar’. I’ve looked at the raw data and it is a different certificate than the one I get from a browser. I’m still looking into it…


#6

Not now, but that seems like a good feature to add.


#7

am I the only one who thinks that this homepage looks like they have copied LE?
also I get internal error on register


#8

The background image and fonts are based on LE.


#9

Nice Job.
Will try later.


#10

Fails on most of my domains, as it doesn’t appear to correctly find the domain ( it looks as if it just checks the main certificate on that IP, not for the specific domain name )


#11

by the way you register with your email but the login page asks for a username, this might be an error (as the email works fine)


#12

I support the “push your own CA” idea, also maybe you could try DANE validation if not done yet (I dont have a DANE yet, coz CF doesnt do that yet, sadly.


#13

2 questions:

LetsMonitor.org uses globally distributed servers

How many actual points of presence there are and in which locations?

Get alerts via email or SMS.

How would you be sending SMS messages, potentiality many of them, while keeping the service free, especially to international numbers?


#14

As far as I can tell - 2 with Amazon, both in the US.

54.241.0.136 Amazon - N. California United States
54.243.174.194 Amazon - N. Virginia United States

Good question, looks to be via google / level3


#15

yep I saw that as well, globally distributed looks quite different in my eyes

and that is free?
but the intresting question is whether they do intl SMS in the first place since the placeholder didnt make it look like it.


#16

And Google would connect my cell phone number with a certificate. Not even LE does that. :slight_smile:


#17

Stations are being added - we are now at six.


#18

Six locations as of now. They are:

http://54.241.0.136 Amazon - N. California United States
http://54.246.96.161 Amazon - Ireland Ireland
http://54.243.174.194 Amazon - N. Virginia United States
http://175.41.147.48 Amazon - Singapore Singapore
http://176.34.24.27 Amazon - Tokyo Japan
http://177.71.187.128 Amazon - Sao Paulo Brazil

More are being added…


#19

This is our community project, so we are hoping the SMS fees don’t get too high. We are using Twilio. Our logic is:

  • Alerts will be infrequent, since most certs will be auto-renewed or renewed well in advance
  • Worst case per cert is a few alerts every 90 days
  • We will try to steer users to using email based SMS (9495551212@vtext.com) for Verizon, for example.

#20

Thanks

Any update on getting it to correctly recognise certificates ? of the initial 7 hosts I put in, it only recognises 1 which is on it’s own IP ( the others are all on shared IP, and it doesn’t correctly check the cert )