SSL Monitoring
Learn how the certificate expiration date is checked and displayed in the dashboard.
How does it work?
SSL control works with a separate queue job for sites on paid plans. The system opens the ssl://host:port socket, reads the peer certificate information and extracts the expiration date of the certificate from the validTo_time_t field.
On successful check, ssl_not_after and ssl_last_checked_at fields are updated. If the check fails, the last valid value is retained and the log record is dropped.
Control Frequency
SSL jobs do not run at the same frequency as uptime probe. The uptime:check-ssl command in Scheduler is triggered every day at 03:00 and only generates jobs for paid plan sites.
Warning Thresholds
| Remaining day | Behavior |
|---|---|
| 1 | The first and only default email alert is sent. |
SSL alerts are sent when there are 30, 7, 1 and 0 days to certificate expiration. 0 days is the Expired notification on the day the certificate expires.
View in Panel
On the Site Detail screen, the SSL Certificate card shows the status, end date, days remaining and last check time. The progress bar on the card turns green, amber or red depending on the number of days.
Working Warning Offline
Panel texts use the distinction between Valid and Expired for today; certificates expiring soon are visually highlighted with amber progress.