Skip to content

Concepts Checks SSL

Arael Espinosa edited this page Jul 9, 2026 · 1 revision

SSL Check

The SSL check opens a TLS connection to a host and inspects the certificate. It alerts you before a certificate expires so you can renew it without causing downtime.

Source: SslCheckExecutor.cs · SslCheckData.cs

What it verifies

  • The TLS handshake succeeds (certificate is valid and trusted)
  • The certificate has not expired
  • The certificate has enough days remaining before expiry (configurable warning threshold)

Common use cases

Standard HTTPS site

{ "host": "example.com" }

Custom port (e.g. HTTPS API)

{ "host": "api.example.com", "port": 8443 }

Earlier warning — alert 60 days before expiry

{
  "host": "example.com",
  "warningDaysBeforeExpiry": 60
}

Configuration

Field Default Description
host Hostname to connect to (required)
port 443 TCP port for the TLS connection
warningDaysBeforeExpiry 30 Days remaining before the check goes DEGRADED

Statuses

Status When
UP TLS handshake succeeded, certificate valid, days remaining ≥ warning threshold
DEGRADED Certificate is valid but expires within warningDaysBeforeExpiry days
DOWN Certificate has already expired, TLS handshake failed, or TCP connection refused
FAILURE Host not configured

Latency

Measured from TCP connection start to end of TLS handshake (AuthenticateAsClientAsync).

Related

  • Checks — common settings (schedule, thresholds, criticality)
  • HTTP Check — pair SSL with an HTTP check to monitor both the endpoint and its certificate

Clone this wiki locally