LetsMonitor.org - Monitoring certificates

We’d like to take a look at it. Can you give me a domain to look at?

Hi,

www.civillines.nl is a domain with 2 certificates.
You can connect to it with a RSA handshake:
openssl s_client -connect www.civillines.nl:443 -cipher ECDHE-RSA-AES128-GCM-SHA256 2> /dev/null | openssl x509 -noout -dates
and ECC:
openssl s_client -connect www.civillines.nl:443 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 2> /dev/null | openssl x509 -noout -dates

Hope this helps you. Great tool btw.

First: Great idea and very nice project!

I have two ideas to improve it:

  • Let the User set at which time (days left) the color would change to yellow and red
  • Add the possibility to add multiple monitors at the same time. Especially if you have a lot of domains to add, it is really a lot of work to add them all

What do you think about it?

You could also add support for [Threema Gateway](https://gateway.threema.ch) as an SMS alternative. It’s much cheaper, works internationally (for the same price) and is more secure than SMS (so Google won’t know what certs you own :smile:).
Of course the users wanting a secure delivery of their messages have to use Threema for this.

If the code is open source and you use PHP I could even help you with integrating it. (I’d strongly recommend you to use the end-to-end version.)

While we are at it, why not use a Telegram bot? The only sad part is that the user has to initiate the communication with the bot, but aside from that it also has the great point that it’s free for both the user and the bot maker.

There’s a Nagios/Icinga plugin that does the job nicely. However, this looks pretty good for the type of person who can get to grips with ACME but is unable to use a calendar.


Currently Let’sMonitor.org only sends notifications for cert renewals, doesn’t it?
I think a much better use case would be if it could monitor Certificate Transparency logs and send me a notification when a new cert for my domain is issued. This way one can check whether these are legitimate certs or whether they were issued incorrectly.

Very interesting idea. We will look into adding that.

Thanks for the input. I think those are great suggestions. We will add those to what we are working on.

@vizzaccaro @jvanasco cert.watch is also a free domain. :slight_smile:

I have also found an error: if the web server answers with the wrong certificate (i.e. you watch the domain test.com and it sends the cert for example.com)

I think that’s a really important thing to fix

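Putting the pieces from this thread together (the two-certificate lookup behind the openssl -cipher commands above, the user-settable yellow/red thresholds, and the wrong-certificate case just reported), here is an added Python example that is not LetsMonitor’s own code: it fetches the RSA or ECDSA leaf and flags the certificate red when its names do not cover the monitored host, regardless of expiry. The threshold defaults and the cert values used for checking are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

def hostname_matches(hostname, san_dns_names):
    """RFC 6125 style DNS-ID match: exact, or one wildcard covering only the left-most label."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            head, sep, rest = host.partition(".")
            if sep and head and "." + rest == name[1:]:
                return True
    return False

def days_left(not_after, now):
    """not_after is the string getpeercert() returns, e.g. 'Jun  1 12:00:00 2030 GMT'."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days

def evaluate(hostname, cert, now, yellow_days=30, red_days=7):
    """Return (colour, reason); thresholds are the user-settable ones (constructed defaults)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not hostname_matches(hostname, sans):
        return "red", f"certificate names {sans} do not cover {hostname}"
    left = days_left(cert["notAfter"], now)
    colour = "red" if left < red_days else "yellow" if left < yellow_days else "green"
    return colour, f"{left} days left"

def fetch_cert(hostname, port=443, cipher=None):
    """Fetch the leaf cert. 'cipher' picks the RSA or ECDSA leaf of a dual-cert host like the
    openssl -cipher commands above; that only steers TLS 1.2, so the version is capped."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name check is ours so a mismatch is reported
    if cipher:
        ctx.set_ciphers(cipher)
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for cipher in ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256"):
        cert = fetch_cert("www.civillines.nl", cipher=cipher)
        print(cipher, evaluate("www.civillines.nl", cert, datetime.now(timezone.utc)))
```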

Looks great.

I would love to be able to bulk add a list of domains :slight_smile:

The SSL monitoring part works well, in the sense that I’m getting how many days until the certificates will expire.

But I’m getting a lot of annoying email notifications “Monitoring alert for Ks3” with the text:
ALERT for Ks3: connect ETIMEDOUT 151.80.45.157:443

Don’t know if this is due to a wrong setup of my web server, but this web server is hosting several virtual hosts for which I have a Let’s Encrypt certificate;

Thanks in advance for your advice

The service will send an alert if it can’t reach the host. I looked at the logs and all the errors are coming from the Singapore station. I tried manually to reach your sites from the Singapore station and they were unreachable. Here is a trace:

1 <1 ms <1 ms <1 ms ec2-175-41-128-238.ap-southeast-1.compute.amazonaws.com [175.41.128.238]
2 1 ms 1 ms 1 ms 203.83.223.30
3 8 ms 10 ms 10 ms 52.93.8.94
4 1 ms 1 ms 1 ms 52.93.8.79
5 2 ms 3 ms 4 ms ae-4.r00.sngpsi05.sg.bb.gin.ntt.net [116.51.17.129]
6 2 ms 1 ms 1 ms ae-0.tata-communications.sngpsi05.sg.bb.gin.ntt.net [129.250.8.242]
7 185 ms 185 ms 179 ms if-ae-11-2.tcore1.SVW-Singapore.as6453.net [180.87.98.38]
8 183 ms 183 ms 183 ms if-ae-16-5.tcore2.MLV-Mumbai.as6453.net [180.87.39.169]
9 186 ms 187 ms 186 ms if-ae-2-2.tcore1.MLV-Mumbai.as6453.net [180.87.38.1]
10 186 ms 185 ms 185 ms if-ae-5-6.tcore1.WYN-Marseille.as6453.net [180.87.38.126]
11 244 ms 244 ms 244 ms if-ae-8-1600.tcore1.PYE-Paris.as6453.net [80.231.217.6]
12 247 ms 247 ms 248 ms if-ae-30-2.thar2.VI8-Vitry-Sur-Seine.as6453.net[5.23.25.5]
13 253 ms 253 ms 253 ms 5.23.25.18
14 246 ms 246 ms 245 ms 49e-s46-5-a9k2.dc3.poneytelecom.eu [195.154.1.91]
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.

The primary focus was just monitoring expirations, but we are getting a lot of requests to do more validation-type checking. We don’t want to get into too much of that, because it is crazy full of edge cases. However, your point is valid. We should be doing some more basic validation. We will be adding that.

What would be better, an API or file upload type of thing?

Please add ability to check non-standard ports (example.com:9999).
It’s useful for admin interfaces, control panels etc.

Non-standard ports create a risk that this service can be used as part of an attack. Anybody running a public-facing web server expects to get a certain amount of traffic from spiders and other robots, they have since almost the dawn of the web. But other applications (which may not even speak SSL) not so much.

So it may need some extra thought to make the possibility of monitoring non-standard ports safe for everybody.
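One way to keep that risk in check, as an added Python example that is not LetsMonitor’s code: vet each submitted target before the monitor ever connects to it, accepting only an explicit port allowlist and only names that resolve to public addresses. ALLOWED_PORTS and the injectable resolve parameter are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ports this monitor is willing to open TLS connections to (constructed allowlist; the
# non-standard 9999 from the request above is included as an illustration).
ALLOWED_PORTS = {443, 8443, 9999}

def is_public_address(ip):
    """Only globally routable unicast addresses may be monitored."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def parse_target(target):
    """Accept 'host' or 'host:port' as typed into the form; anything else is rejected."""
    parts = urlsplit("//" + target)
    if not parts.hostname or parts.username or parts.path or parts.query or parts.fragment:
        raise ValueError(f"malformed target {target!r}")
    return parts.hostname, parts.port if parts.port is not None else 443

def vet_target(target, resolve=socket.getaddrinfo, allowed_ports=ALLOWED_PORTS):
    """Return (ok, reason). 'resolve' is injectable so the check can be unit-tested offline."""
    try:
        host, port = parse_target(target)
    except ValueError as exc:
        return False, str(exc)
    if port not in allowed_ports:
        return False, f"port {port} is not on the allowlist"
    try:
        infos = resolve(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False, f"{host} does not resolve"
    addrs = sorted({info[4][0] for info in infos})
    blocked = [ip for ip in addrs if not is_public_address(ip)]
    if blocked:
        return False, f"{host} resolves to non-public address {blocked[0]}"
    # The monitor must then connect to one of these vetted addresses rather than re-resolving
    # the name later, or a DNS change between check and connect bypasses this.
    return True, f"{host}:{port} -> {', '.join(addrs)}"
```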

I solve the “monitoring” issue by just running an @weekly cron that goes out and renews everything (if they’re due, of course).

Much simpler, imho

There is the issue of the cron job failing.