Unsparing Docs

SSL Monitoring

Never let a certificate expire by surprise. Monitor SSL certificate expiry, chain validity, and replacements with progressive warnings.

How SSL Monitoring Works

Unsparing connects to your HTTPS endpoints, retrieves the certificate chain, and tracks:

  • Expiry date — alerts at 30, 14, and 7 days before expiry
  • Certificate chain — validates the full chain from leaf to root
  • Fingerprint changes — detects when a certificate is replaced

Adding an SSL Monitor

  1. Navigate to SSL → Monitors and click Add Monitor
  2. Configure the monitor:
FieldDescription
HostnameThe domain to monitor (e.g., example.com)
PortHTTPS port (default: 443)
Warning ThresholdsDays before expiry to trigger warnings

Alert Schedule

Unsparing uses progressive warnings so you're never caught off guard:

Days Before ExpiryAlert Level
30 daysInfo — time to plan renewal
14 daysWarning — renewal should be in progress
7 daysCritical — renew immediately
ExpiredEmergency — site may be unreachable

What Gets Checked

Expiry Date

The most common SSL issue. Unsparing checks the notAfter date and alerts you progressively.

Certificate Chain

A valid certificate isn't enough — the full chain must be correct. Unsparing validates:

  • The leaf certificate matches the hostname
  • Intermediate certificates are present and valid
  • The root certificate is trusted
  • No expired certificates in the chain

Fingerprint Changes

When a certificate is replaced (renewal or reissuance), the fingerprint changes. Unsparing logs this so you can:

  • Confirm automated renewals worked
  • Detect unauthorized certificate replacements
  • Track certificate rotation history

Common Issues Detected

IssueDescription
Self-signed certificateNot trusted by browsers
Expired intermediateChain breaks even if leaf is valid
Hostname mismatchCertificate doesn't cover the domain
Weak signatureSHA-1 or other deprecated algorithms
Missing intermediateIncomplete chain causes browser errors

API Endpoints

List SSL Monitors

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.unsparing.dev/api/v1/ssl/monitors

Create an SSL Monitor

curl -X POST -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"hostname": "example.com", "port": 443}' \
  https://api.unsparing.dev/api/v1/ssl/monitors

Plan Limits

PlanSSL Monitors
Free2
HomelabberUnlimited
TeamsUnlimited
AgencyUnlimited

Uptime Monitoring · API Reference

DNS Monitoring

Monitor DNS records for unexpected changes, track propagation across resolvers, and detect hijacking early.

Uptime Monitoring

Monitor HTTP, HTTPS, and TCP endpoints from multiple locations. Know before your users do when something is down.

On this page

How SSL Monitoring WorksAdding an SSL MonitorAlert ScheduleWhat Gets CheckedExpiry DateCertificate ChainFingerprint ChangesCommon Issues DetectedAPI EndpointsList SSL MonitorsCreate an SSL MonitorPlan Limits