Categories
Announcements

Introducing “SSL Monitoring”

HTTPs is becoming the “default” for any website whether it is a blog, portal, e-commerce or corporate one.

And, this year, Uptime Robot has sponsored 2 great projects, Let’s Encrypt (a free SSL CA) and Caddy (a free web server with SSL built-in) to help pushing this forward.

However, a website with an SSL certificate requires an extra layer of monitoring, “making sure the SSL works as expected”, as a certificate:

  • can expire
  • can produce errors (host mismatch, use insecure protocols like SSLv3..).

Introducing SSL monitoring

The Pro Plan now monitors such cases and lets you know:

  • when the SSL certificate has errors including:
    • expiration
    • host mis-match
    • forcing insecure protocol (like SSLv2 or SSLv3)
  • and when the SSL certificate is getting close to expiry date (when 30, 15, 7 and 1 day is left) so that you can renew it in advance.

Note: “mixed-content SSL warnings and revoked certificates” are currently not supported.

The feature is available by default for all HTTP and keyword monitors whose URLs start with “https”.

Customizing its usage

It is possible to:

  • disable SSL monitoring and/or “ignore SSL errors” for selected monitors from the “Add/Edit Monitor dialogs”. This is handy if the website uses a self-signed certificate.
  • choose which alert contacts will get “SSL expiry notifications” from the “My Settings>Alert Contacts>Add/Edit Alert Contact dialogs”.
    • By default, all alert contact types except “SMS, mobile Push, Pushbullet, Boxcar and Pushover” are enabled considering they are non-intrusive.

Important info: The feature will become active by 20 September 2017 to make sure any customization can be performed in advance.

Excited to have this feature being available and hope that it helps for a better uptime :).

Update (24 Oct 2017)

Thanks to all the feedback received, we have applied a set of updates to make sure that this feature is easy-to-use and functional for everyone:

  • a certificate being self-signed is no more a reason for it to be detected as “down”
  • monitors with IP-based URLs (like https://8.8.8.8) are not checked for SSL errors
  • expiration notifications for certificates by Let’s Encrypt and Cloudflare are only triggered if 3 days or less are left for expiry as these certificates are mostly auto-renewed close to the expiry date.
  • ssl settings for all monitors can be changed in bulk using the bulk actions dialog (can be found just under the “Add Monitor button”).

46 replies on “Introducing “SSL Monitoring””

Totally understand the need. On the other hand, it is a pretty straightforward feature and will work just as described.

Right on! I’ve been chomping at the bit for this! Your pricing model, solid app and interface, and now this feature make UptimeRobot a total no-brainer for me.

Thanks!

This feature is a huge win. Some questions:
-Will this feature be customizable in terms of expiration date thresholds? (Notify me when epxiring in 30 days, 60 days, 7 days, etc.?)
-Will this feature test all certificates and/or validate the entire chain? If so, does a failure in the chain result in an alert?

It is currently set to 30, 15, 7 and 1 day for notifications.

The system checks for the cert to be generated by a known CA but the full chain is not validated.

Thanks – brilliant news!

Have been caught out a couple of times by SSL certificates not auto-renewing, so this is a really helpful feature.

Keep up the great work!

That is not in the roadmap for the next few months.. Yet, that is something we are discussing 🙂

Great feature. However, I got a false alarm earlier today “is currently DOWN (SSL Insecure-Protocol)”. Then I got another alert informing me that the monitor “back UP (HTTP 200 – OK) (It was down for 1 minutes and 1 seconds).” I found this blog post while searching for what seemed like an anomaly at the time.

Awesome. It would also be great to be able to see the expiration date in the dashboard, along with the individual monitors statistics.

You mentioned that we’d be able to see SSL Expiry days/dates in the dashboard soon (~October) – has that been done yet as I cant seem to find this info
THanks
Grant

Is this still in the pipeline? I’ve just upgraded for this feature, but don’t see the expiry date in the dashboard?

Also, has domain expiry monitoring moved into your timeline yet? 🙂

Thanks
Rob

Awesome. This was indeed a much-awaited feature.

Interestingly, today morning I had noticed that you guys are sponsoring Caddy. I was reading about it and I noticed your logo on their website.

Yes, we sponsored 2 SSL-related projects this year which we also use: Caddy and Let’s Encrypt.

And, both are great :).

This actually saved me this morning! Had an alert come through and the Let’s Encrypt certificate hadn’t auto-renewed due to a server error. So it’s already proved its worth to me! Excellent feature – very useful! Mike

This is a really helpful change for companies with many domains. Regarding the setup of this:
Is there a way to bulk-replace “http” with “https”? Instead of manually editing each URL…

Two more things would REALY be a great added value to UptimeRobot.

1. Domain name expiration warning, just like SSL monitoring when the domain name is going to expire in the next 30, 15, 7, and 1 days. I would love to see it included for free with an HTTP monitor by domain name, but then you could make additional revenue by also having Domain Expiration monitoring as a separate monitoring type as a lot of people would have a lot of domains to monitor but not even have the need to be monitoring an HTTP website.

2. DNS Change Monitoring. Monitor all the main records (NS, A, MX, etc.) and alert if they change. Would also love to see this included for free in an HTTP monitor but again have it as a separate monitor type also as people would have additional domans for DNS Change monitoring that don’t need an HTTP monitor and that would create more monitors and more revenue for UptimeRobot.

1. Domain Name Expiration – I’m not sure as because you get lots of email for domain registrar, this is worthy feature only when you are interested in alerts like SMS, Twitter, push, Slack, HipChat, web-hooks.

2.DNS Change Monitorings – I don’t understand use case here, Why would a person interested in DNS Change monitoring instead of HTTP.

Agreed on both the domain name expiration and the DNS change monitoring.

The first bit is important whenever you are a maintenance/dev team which runs separate tests from the customer. Also, the domain may be registered via an accounting email (or someone else within the organization) and gets missed for whatever reason.

Since there already is an SSL reminder, a domain expiration notice would be a wonderful addition.

Noted all the suggestions in this thread and thanks very much for them. We’ll definitely be adding at least some of them.

I love having the auto SSL checker, this is almost a must-have tool for any web or digital marketing freelancer consultant or agency. Especially with Chrome marking everything as insecure if it has a form and doesn’t have SSL soon.

Quick tip – I had a few clients with old Godaddy shared hosting cPanel sites with old WordPress installations unattended, they get hacked easily. Not only add a keyword monitor to the home page but also add it to the WP-Admin page for “Lost your password?”

Great tool amazing value for the hassle it saves you when you fix an outage quicker than a client notices it.

The options contain a checkbox that says “disable ssl errors” with red text that says “PRO only”.
So the feature to not warn users about any SSL errors, is disabled as default, and is a pro only feature. That sounds an awful lot like SSL warnings are *enabled* by default..

One timely feature to add value might be a check for any of the Symantec certificates that are being distrusted by Chrome & Firefox. I did a quick test monitor on a site that I know to be using one of the Symantec certs and the monitor doesn’t register it as a problem but Chrome and Firefox are both throwing errors for that site today.

https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/

Hi,

I was wondering if you plan on changing the notification dates for cPanel certificates, as they basically follow the same model as Let’s Encrypt. They are generally set to auto-renew very close to the expiry date.

Thanks,
Rob

Hi Rob,

that’s a great question! It’s not on our priority list at the moment, but we will write it down and hopefully get back to it someday in the future, thanks for suggesting it.

Kristian

Do you plan to make the ssl expiry notification customizable?
We use cPanel as AutoSSL provider. The renew is fixed to 15 days before expiry.
We now get a warning 30 days before and mostly again 15 days before.
Because of these false warnings, all alarms might are no longer taken seriously.

Hi there,

thank you for your feedback, that’s a good idea 🙂 Unfortunately, this is not planned yet, we will reconsider it.

Hi Mark,

could you please specify what you have in mind? We will be happy to take a look at it.

Leave a Reply

Your email address will not be published. Required fields are marked *