Introducing “SSL Monitoring”

HTTPs is becoming the “default” for any website whether it is a blog, portal, e-commerce or corporate one.

And, this year, Uptime Robot has sponsored 2 great projects, Let’s Encrypt (a free SSL CA) and Caddy (a free web server with SSL built-in) to help pushing this forward.

However, a website with an SSL certificate requires an extra layer of monitoring, “making sure the SSL works as expected”, as a certificate:

  • can expire
  • can produce errors (host mismatch, use insecure protocols like SSLv3..).

Introducing SSL monitoring

The Pro Plan now monitors such cases and lets you know:

  • when the SSL certificate has errors including:
    • expiration
    • host mis-match
    • forcing insecure protocol (like SSLv2 or SSLv3)
  • and when the SSL certificate is getting close to expiry date (when 30, 15, 7 and 1 day is left) so that you can renew it in advance.

Note: “mixed-content SSL warnings” are not detected as they are not caused by the  SSL certificate.

The feature is available by default for all HTTP and keyword monitors whose URLs start with “https”.

Customizing its usage

It is possible to:

  • disable SSL monitoring and/or “ignore SSL errors” for selected monitors from the “Add/Edit Monitor dialogs”. This is handy if the website uses a self-signed certificate.
  • choose which alert contacts will get “SSL expiry notifications” from the “My Settings>Alert Contacts>Add/Edit Alert Contact dialogs”.
    • By default, all alert contact types except “SMS, mobile Push, Pushbullet, Boxcar and Pushover” are enabled considering they are non-intrusive.

Important info: The feature will become active by 20 September 2017 to make sure any customization can be performed in advance.

Excited to have this feature being available and hope that it helps for a better uptime :).

Update (24 Oct 2017)

Thanks to all the feedback received, we have applied a set of updates to make sure that this feature is easy-to-use and functional for everyone:

  • a certificate being self-signed is no more a reason for it to be detected as “down”
  • monitors with IP-based URLs (like https://8.8.8.8) are not checked for SSL errors
  • expiration notifications for certificates by Let’s Encrypt and Cloudflare are only triggered if 3 days or less are left for expiry as these certificates are mostly auto-renewed close to the expiry date.
  • ssl settings for all monitors can be changed in bulk using the bulk actions dialog (can be found just under the “Add Monitor button”).
If you find Uptime Robot useful, help us spreading the word:

Comments

  1. Alex

    Awesome news! It’d be great if the TLS monitoring could be pilot-tested on 1-3 free monitors before upgrading to pro.

    Reply
    1. Umut Muhaddisoglu Post author

      Totally understand the need. On the other hand, it is a pretty straightforward feature and will work just as described.

      Reply
  2. Brian

    Thank you, thank you, thank you! You delivered as promised!

    Reply
  3. Jonathan

    Brilliant, thanks!

    Reply
  4. Sasha Odarchuk

    What about 1-3-5 free ssl-monitors for free Plan ? :)

    Reply
  5. Nick Pierno

    Right on! I’ve been chomping at the bit for this! Your pricing model, solid app and interface, and now this feature make UptimeRobot a total no-brainer for me.

    Thanks!

    Reply
  6. Sami

    This feature is a huge win. Some questions:
    -Will this feature be customizable in terms of expiration date thresholds? (Notify me when epxiring in 30 days, 60 days, 7 days, etc.?)
    -Will this feature test all certificates and/or validate the entire chain? If so, does a failure in the chain result in an alert?

    Reply
    1. Umut Muhaddisoglu Post author

      It is currently set to 30, 15, 7 and 1 day for notifications.

      The system checks for the cert to be generated by a known CA but the full chain is not validated.

      Reply
  7. Mike

    Quick question, how will this work with certificates on domains that are behind a proxy like Cloudflare?

    Reply
    1. Umut Muhaddisoglu Post author

      Just added this as an update to this post.

      Reply
  8. Mike

    Thanks – brilliant news!

    Have been caught out a couple of times by SSL certificates not auto-renewing, so this is a really helpful feature.

    Keep up the great work!

    Reply
  9. Miles Kailburn

    Any plans to include domain expiration as well?

    Reply
    1. Umut Muhaddisoglu Post author

      That is not in the roadmap for the next few months.. Yet, that is something we are discussing :)

      Reply
  10. Ralph

    Great feature. However, I got a false alarm earlier today “is currently DOWN (SSL Insecure-Protocol)”. Then I got another alert informing me that the monitor “back UP (HTTP 200 – OK) (It was down for 1 minutes and 1 seconds).” I found this blog post while searching for what seemed like an anomaly at the time.

    Reply
    1. Umut Muhaddisoglu Post author

      That was a bug we realized after introducing the feature and it is all fixed now.

      Reply
  11. Jan-Petter

    Awesome. It would also be great to be able to see the expiration date in the dashboard, along with the individual monitors statistics.

    Reply
    1. Umut Muhaddisoglu Post author

      We plan to do that in the next few weeks.

      Reply
  12. Alex

    Awesome. This was indeed a much-awaited feature.

    Interestingly, today morning I had noticed that you guys are sponsoring Caddy. I was reading about it and I noticed your logo on their website.

    Reply
    1. Umut Muhaddisoglu Post author

      Yes, we sponsored 2 SSL-related projects this year which we also use: Caddy and Let’s Encrypt.

      And, both are great :).

      Reply
  13. Mike

    This actually saved me this morning! Had an alert come through and the Let’s Encrypt certificate hadn’t auto-renewed due to a server error. So it’s already proved its worth to me! Excellent feature – very useful! Mike

    Reply
    1. Umut Muhaddisoglu Post author

      So happy to hear that it already helped. Awesome.

      Reply
  14. Chris

    Great to see the re-release of this feature!

    Reply
  15. Kevin

    This is a really helpful change for companies with many domains. Regarding the setup of this:
    Is there a way to bulk-replace “http” with “https”? Instead of manually editing each URL…

    Reply
    1. Umut Muhaddisoglu Post author

      Sorry to say that there is bulk editing for monitor URLs. Yet, if you have too many monitors, please feel free to contact us from [email protected] and we’d love to help.

      Reply
  16. jgus

    Two more things would REALY be a great added value to UptimeRobot.

    1. Domain name expiration warning, just like SSL monitoring when the domain name is going to expire in the next 30, 15, 7, and 1 days. I would love to see it included for free with an HTTP monitor by domain name, but then you could make additional revenue by also having Domain Expiration monitoring as a separate monitoring type as a lot of people would have a lot of domains to monitor but not even have the need to be monitoring an HTTP website.

    2. DNS Change Monitoring. Monitor all the main records (NS, A, MX, etc.) and alert if they change. Would also love to see this included for free in an HTTP monitor but again have it as a separate monitor type also as people would have additional domans for DNS Change monitoring that don’t need an HTTP monitor and that would create more monitors and more revenue for UptimeRobot.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>