Introducing “SSL Monitoring”

HTTPs is becoming the “default” for any website whether it is a blog, portal, e-commerce or corporate one.

And, this year, Uptime Robot has sponsored 2 great projects, Let’s Encrypt (a free SSL CA) and Caddy (a free web server with SSL built-in) to help pushing this forward.

However, a website with an SSL certificate requires an extra layer of monitoring, “making sure the SSL works as expected”, as a certificate:

  • can expire
  • can produce errors (host mismatch, use insecure protocols like SSLv3..).

Introducing SSL monitoring

The Pro Plan now monitors such cases and lets you know:

  • when the SSL certificate has errors including:
    • expiration
    • host mis-match
    • forcing insecure protocol (like SSLv2 or SSLv3)
  • and when the SSL certificate is getting close to expiry date (when 30, 15, 7 and 1 day is left) so that you can renew it in advance.

Note: “mixed-content SSL warnings and revoked certificates” are currently not supported.

The feature is available by default for all HTTP and keyword monitors whose URLs start with “https”.

Customizing its usage

It is possible to:

  • disable SSL monitoring and/or “ignore SSL errors” for selected monitors from the “Add/Edit Monitor dialogs”. This is handy if the website uses a self-signed certificate.
  • choose which alert contacts will get “SSL expiry notifications” from the “My Settings>Alert Contacts>Add/Edit Alert Contact dialogs”.
    • By default, all alert contact types except “SMS, mobile Push, Pushbullet, Boxcar and Pushover” are enabled considering they are non-intrusive.

Important info: The feature will become active by 20 September 2017 to make sure any customization can be performed in advance.

Excited to have this feature being available and hope that it helps for a better uptime :).

Update (24 Oct 2017)

Thanks to all the feedback received, we have applied a set of updates to make sure that this feature is easy-to-use and functional for everyone:

  • a certificate being self-signed is no more a reason for it to be detected as “down”
  • monitors with IP-based URLs (like https://8.8.8.8) are not checked for SSL errors
  • expiration notifications for certificates by Let’s Encrypt and Cloudflare are only triggered if 3 days or less are left for expiry as these certificates are mostly auto-renewed close to the expiry date.
  • ssl settings for all monitors can be changed in bulk using the bulk actions dialog (can be found just under the “Add Monitor button”).
If you find Uptime Robot useful, help us spreading the word:

Comments

  1. Alex

    Awesome news! It’d be great if the TLS monitoring could be pilot-tested on 1-3 free monitors before upgrading to pro.

    Reply
    1. Umut Muhaddisoglu Post author

      Totally understand the need. On the other hand, it is a pretty straightforward feature and will work just as described.

      Reply
  2. Brian

    Thank you, thank you, thank you! You delivered as promised!

    Reply
  3. Jonathan

    Brilliant, thanks!

    Reply
  4. Sasha Odarchuk

    What about 1-3-5 free ssl-monitors for free Plan ? :)

    Reply
  5. Nick Pierno

    Right on! I’ve been chomping at the bit for this! Your pricing model, solid app and interface, and now this feature make UptimeRobot a total no-brainer for me.

    Thanks!

    Reply
  6. Sami

    This feature is a huge win. Some questions:
    -Will this feature be customizable in terms of expiration date thresholds? (Notify me when epxiring in 30 days, 60 days, 7 days, etc.?)
    -Will this feature test all certificates and/or validate the entire chain? If so, does a failure in the chain result in an alert?

    Reply
    1. Umut Muhaddisoglu Post author

      It is currently set to 30, 15, 7 and 1 day for notifications.

      The system checks for the cert to be generated by a known CA but the full chain is not validated.

      Reply
  7. Mike

    Quick question, how will this work with certificates on domains that are behind a proxy like Cloudflare?

    Reply
    1. Umut Muhaddisoglu Post author

      Just added this as an update to this post.

      Reply
  8. Mike

    Thanks – brilliant news!

    Have been caught out a couple of times by SSL certificates not auto-renewing, so this is a really helpful feature.

    Keep up the great work!

    Reply
  9. Miles Kailburn

    Any plans to include domain expiration as well?

    Reply
    1. Umut Muhaddisoglu Post author

      That is not in the roadmap for the next few months.. Yet, that is something we are discussing :)

      Reply
  10. Ralph

    Great feature. However, I got a false alarm earlier today “is currently DOWN (SSL Insecure-Protocol)”. Then I got another alert informing me that the monitor “back UP (HTTP 200 – OK) (It was down for 1 minutes and 1 seconds).” I found this blog post while searching for what seemed like an anomaly at the time.

    Reply
    1. Umut Muhaddisoglu Post author

      That was a bug we realized after introducing the feature and it is all fixed now.

      Reply
  11. Jan-Petter

    Awesome. It would also be great to be able to see the expiration date in the dashboard, along with the individual monitors statistics.

    Reply
    1. Umut Muhaddisoglu Post author

      We plan to do that in the next few weeks.

      Reply
      1. Grant

        You mentioned that we’d be able to see SSL Expiry days/dates in the dashboard soon (~October) – has that been done yet as I cant seem to find this info
        THanks
        Grant

        Reply
      2. TDR

        When you are testing https how are you determining if its successful? Not see any wget or such.

        Thanks,

        TDR

        Reply
      3. Rob Bathgate

        Is this still in the pipeline? I’ve just upgraded for this feature, but don’t see the expiry date in the dashboard?

        Also, has domain expiry monitoring moved into your timeline yet? :-)

        Thanks
        Rob

        Reply
  12. Alex

    Awesome. This was indeed a much-awaited feature.

    Interestingly, today morning I had noticed that you guys are sponsoring Caddy. I was reading about it and I noticed your logo on their website.

    Reply
    1. Umut Muhaddisoglu Post author

      Yes, we sponsored 2 SSL-related projects this year which we also use: Caddy and Let’s Encrypt.

      And, both are great :).

      Reply
  13. Mike

    This actually saved me this morning! Had an alert come through and the Let’s Encrypt certificate hadn’t auto-renewed due to a server error. So it’s already proved its worth to me! Excellent feature – very useful! Mike

    Reply
    1. Umut Muhaddisoglu Post author

      So happy to hear that it already helped. Awesome.

      Reply
  14. Chris

    Great to see the re-release of this feature!

    Reply
  15. Kevin

    This is a really helpful change for companies with many domains. Regarding the setup of this:
    Is there a way to bulk-replace “http” with “https”? Instead of manually editing each URL…

    Reply
    1. Umut Muhaddisoglu Post author

      Sorry to say that there is bulk editing for monitor URLs. Yet, if you have too many monitors, please feel free to contact us from [email protected] and we’d love to help.

      Reply
  16. jgus

    Two more things would REALY be a great added value to UptimeRobot.

    1. Domain name expiration warning, just like SSL monitoring when the domain name is going to expire in the next 30, 15, 7, and 1 days. I would love to see it included for free with an HTTP monitor by domain name, but then you could make additional revenue by also having Domain Expiration monitoring as a separate monitoring type as a lot of people would have a lot of domains to monitor but not even have the need to be monitoring an HTTP website.

    2. DNS Change Monitoring. Monitor all the main records (NS, A, MX, etc.) and alert if they change. Would also love to see this included for free in an HTTP monitor but again have it as a separate monitor type also as people would have additional domans for DNS Change monitoring that don’t need an HTTP monitor and that would create more monitors and more revenue for UptimeRobot.

    Reply
    1. Vaibhav Mule

      1. Domain Name Expiration – I’m not sure as because you get lots of email for domain registrar, this is worthy feature only when you are interested in alerts like SMS, Twitter, push, Slack, HipChat, web-hooks.

      2.DNS Change Monitorings – I don’t understand use case here, Why would a person interested in DNS Change monitoring instead of HTTP.

      Reply
      1. Mario Peshev

        Agreed on both the domain name expiration and the DNS change monitoring.

        The first bit is important whenever you are a maintenance/dev team which runs separate tests from the customer. Also, the domain may be registered via an accounting email (or someone else within the organization) and gets missed for whatever reason.

        Since there already is an SSL reminder, a domain expiration notice would be a wonderful addition.

        Reply
        1. Umut Muhaddisoglu Post author

          Noted all the suggestions in this thread and thanks very much for them. We’ll definitely be adding at least some of them.

          Reply
  17. Vincent Tobiaz

    I love having the auto SSL checker, this is almost a must-have tool for any web or digital marketing freelancer consultant or agency. Especially with Chrome marking everything as insecure if it has a form and doesn’t have SSL soon.

    Quick tip – I had a few clients with old Godaddy shared hosting cPanel sites with old WordPress installations unattended, they get hacked easily. Not only add a keyword monitor to the home page but also add it to the WP-Admin page for “Lost your password?”

    Great tool amazing value for the hassle it saves you when you fix an outage quicker than a client notices it.

    Reply
  18. Adrian

    Hi, about this topic ..how to enabled Get SSL expiration reminder notifications using API ? Thanks in advance

    Reply
  19. Malte

    The options contain a checkbox that says “disable ssl errors” with red text that says “PRO only”.
    So the feature to not warn users about any SSL errors, is disabled as default, and is a pro only feature. That sounds an awful lot like SSL warnings are *enabled* by default..

    Reply
    1. Umut Muhaddisoglu Post author

      Agree and this is now a task in to-do-list.

      Reply
  20. Marc Baron

    One timely feature to add value might be a check for any of the Symantec certificates that are being distrusted by Chrome & Firefox. I did a quick test monitor on a site that I know to be using one of the Symantec certs and the monitor doesn’t register it as a problem but Chrome and Firefox are both throwing errors for that site today.

    https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
    https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/

    Reply

Leave a Reply to jgus Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>