Continuing the discussion from Monitoring the state of certificates:
I have revived a closed topic as a recent change of the preferred protocol to IPv6 caught some of us by surprise as not all ISPs and servers are set up correctly.
It’s perfectly alright to trust your cron and a favorite Let’s Encrypt client to renew your server’s certificate when it’s due. But it’s good practice to setup an independent monitoring, if downtime of your servers is more than just a nuisance. Renewing a certificate involves many moving parts so it really is a good idea to continuously check that all keeps working perfectly.
As the original topic listing monitoring tools was abandoned, I have extended its list of various options to monitor Let’s Encrypt / SSL certificates from the original topic. It includes, free cloud services, FOSS projects, as well as commercial systems.
Please, chip in with services/projects I missed.
Free cloud monitoring services:
- KeyChest.net - dashboard & emails & subdomain discovery;
- CertificateMonitor.org - emails
- LetsMonitor.org - dashboard & emails;
There are standalone applications (GitHub or other FOSS projects):
- Certinel - GitHub;
- Checkssl - GitHub;
- lectl - GitHub; or
- SSL cert check - Prefetch Technologies.
Commercial solutions (in one way or another):
- GlobalSign Inventory
- DigiCert certificate inspector
- Cert Spotter
- AppViewX
- ManageEngine SSL cert monitoring
- Solarwinds SSL cert monitor
- Is It Working
- monitis SSL uptime monitoring
- Uptrends SSL cert monitoring
- site24x7 SSL expiry monitoring
- dotcom-monitor
- PA Server Monitor
- RapidSpike
Plugins:
check_ssl_cert_plugin for Nagios
Standalone apps: