Why monitoring matters
Many companies discover SSL expiry only when a customer calls saying "your site shows a warning". By then, the site has been down for 1-2 hours, which means serious losses for e-commerce. SSL monitoring prevents this with notifications 30, 14, 7, and 1 day before expiry.
Beyond expiry, monitoring detects other issues: incorrect chain, domain mismatch, weak encryption algorithms, outdated protocol versions. These problems often go unnoticed after installation but surface during security audits.
Let's Encrypt auto-renewal
Let's Encrypt certificates are valid for 90 days, mandating automated renewal. Certbot runs via cron twice daily โ this is the official Let's Encrypt recommendation. When fewer than 30 days remain, Certbot automatically obtains a new certificate and reloads the web server.
After setting up auto-renewal, test it with certbot renew --dry-run, which simulates the full process without obtaining a real certificate. Any errors โ DNS changes or port 80 blocks โ surface before the actual renewal breaks.
External monitoring services
Server-side monitoring alone is insufficient โ if the server crashes, alerts never arrive. Use external services: UptimeRobot, Pingdom, StatusCake. They check certificates externally and send SMS, Telegram, email alerts. Free tiers offer 30-minute intervals, paid plans check every minute.
For custom monitoring, use openssl: openssl s_client -connect domain.com:443 2>/dev/null | openssl x509 -noout -enddate outputs the expiry date. Run it via a daily bash script.
Notification channels
Email is simplest but can delay. Telegram bots are faster and work well with team groups. Slack or Microsoft Teams suits corporate environments. Reserve SMS for the most critical situations.
Sayt.uz Practice
All SSL certificates obtained through Sayt.uz are automatically added to our monitoring system. Email alerts go out 30 and 7 days before expiry, with a visual indicator in the client panel. Let's Encrypt auto-renewal is enabled by default. For any questions, our support team is ready.