SSL certificates

Catch certificate problems before your visitors do. No more surprise browser warnings.

What SSL certificate monitoring covers

SSL certificate monitoring tracks the validity, expiry date, and trust chain of the digital certificate that encrypts traffic between your site and its visitors. Your SSL certificate is the padlock in your browser's address bar — if it expires or breaks, browsers show a scary warning page that stops people in their tracks, and trust takes a long time to win back. DomainDash keeps an eye on your certificate so you know about issues well before they reach a single visitor.

The security detail page showing certificate details, a health checklist, and check history

What we check

Every time we run an SSL check, we look at several things:

Is a certificate present? We make sure your site actually has a certificate installed.
Has it expired? Certificates have a fixed lifespan. We track when yours expires and warn you in advance.
Does it cover the right domain? A certificate issued for example.com won't work for shop.example.com. We check that your certificate matches the domain we're checking.
Is the chain trusted? Your certificate is part of a chain that leads back to a trusted authority. If any link in that chain is broken, browsers won't trust it.
Is it self-signed? Self-signed certificates aren't trusted by browsers. We flag these so you know to switch to a proper certificate.
Is the connection secure? We verify that the TLS (Transport Layer Security) connection, the encryption technology behind HTTPS, is working correctly.

Each check gets a clear pass or fail, so you can see at a glance whether everything is in order.

Modern certificates have short lifespans on purpose. Let's Encrypt issues 90-day certificates, and the wider industry is moving toward shorter renewal cycles. That means a missed renewal can take your site offline within weeks, not years — which is why we surface expiry warnings well ahead of time.

Understanding your SSL data

The security detail page shows two cards side by side:

Certificate details

This shows the key facts about your current certificate:

Covers: the domain name the certificate was issued for
Issued by: the certificate authority (like Let's Encrypt, Cloudflare, or DigiCert)
Valid from / Expires: the start and end dates of your certificate's lifespan
Protocol: the TLS version in use (like TLS 1.3)
Chain: whether the certificate chain is trusted

Below these details, a lifespan progress bar shows how far through its validity period your certificate is. As it gets closer to expiry, the bar changes colour to draw your attention.

Security checks

This is a checklist showing whether your certificate passes each of the checks described above. A green tick means everything is fine; a red cross means something needs attention.

Common SSL issues

When DomainDash flags an SSL problem, the troubleshooting section walks you through what's happening and how to fix it. The most common ones:

Certificate expired — the most frequent SSL issue. Almost always a renewal step that didn't run.
Hostname doesn't match certificate — your certificate was issued for a different domain than the one being served.
Self-signed certificate — a placeholder certificate is being served instead of the real one.
Certificate signed by an untrusted authority — the chain of trust is broken, often because an intermediate certificate is missing.
Visitors see a security warning — if you're not sure which issue you have, start here.

See all SSL troubleshooting pages for the full list.

Frequently asked questions

How early does DomainDash warn me before my SSL certificate expires?

DomainDash starts surfacing expiry warnings up to 30 days before your certificate expires. The status changes from Healthy to a warning state, and the lifespan progress bar changes colour as the deadline approaches. Critical expiry alerts are sent in the final two weeks.

How often does DomainDash run SSL checks?

SSL checks run between every 30 minutes and once a day, configurable per site. Certificates don't change often, so a few checks a day is usually enough to catch problems quickly without unnecessary load.

Does DomainDash check SSL certificates for subdomains?

DomainDash checks the exact domain you've added as a site. To monitor shop.example.com, add it as a separate site — it won't be covered by checks on example.com because SSL certificates are issued per-hostname (unless the certificate is a wildcard or covers the subdomain via Subject Alternative Names).

What does "untrusted certificate chain" mean?

Every SSL certificate is signed by an intermediate certificate, which is signed by a root certificate that browsers trust. If any link in this chain is missing or invalid, browsers can't verify the certificate and show a security warning. The most common cause is a server configured to serve the leaf certificate without the intermediate. See Certificate signed by an untrusted authority for fixes.

Can DomainDash monitor self-signed certificates?

DomainDash detects self-signed certificates and flags them as a problem, because browsers don't trust them and visitors will see security warnings. Self-signed certificates are appropriate for internal testing but not for production sites — switch to a free certificate from Let's Encrypt or a paid provider for public-facing sites.

Uptime monitoring for checking that your site is online and responding
DNS health for monitoring your domain's routing configuration

SSL certificates ​

What SSL certificate monitoring covers ​

What we check ​

Understanding your SSL data ​

Certificate details ​

Security checks ​

Common SSL issues ​

Frequently asked questions ​

How early does DomainDash warn me before my SSL certificate expires? ​

How often does DomainDash run SSL checks? ​

Does DomainDash check SSL certificates for subdomains? ​

What does "untrusted certificate chain" mean? ​

Can DomainDash monitor self-signed certificates? ​

Related ​