Core Concepts
SSL Monitor
Monitor TLS certificate expiry with degraded/down thresholds
SSL monitors open a TLS connection, read the peer certificate expiry date, and map remaining time to monitor status.
Minimum setup
Set:
hostport(default443)degradedRemainingHours(default168)downRemainingHours(default24)
degradedRemainingHours must be greater than downRemainingHours.
Status logic
Let hours = hours until certificate expiry:
hours > degradedRemainingHours→ UPdownRemainingHours < hours <= degradedRemainingHours→ DEGRADEDhours <= downRemainingHours→ DOWN
Connection/certificate retrieval errors also return DOWN.
Configuration fields
| Field | Type | Default | Notes |
|---|---|---|---|
host |
string |
— | Required |
port |
string |
443 |
Numeric string accepted |
degradedRemainingHours |
number |
168 |
Must be > downRemainingHours |
downRemainingHours |
number |
24 |
Example
{
"type": "SSL",
"type_data": {
"host": "example.com",
"port": "443",
"degradedRemainingHours": 168,
"downRemainingHours": 24
}
}
Troubleshooting
- Immediate DOWN: wrong host/port or TLS unavailable
- Validation fails: ensure degraded threshold is strictly greater than down threshold
- Unexpected expiry result: verify served certificate/SNI for that host