Tag Archives: SSL

HTTPs is becoming the “default” for any website whether it is a blog, portal, e-commerce or corporate one.

And, this year, Uptime Robot has sponsored 2 great projects, Let’s Encrypt (a free SSL CA) and Caddy (a free web server with SSL built-in) to help pushing this forward.

However, a website with an SSL certificate requires an extra layer of monitoring, “making sure the SSL works as expected”, as a certificate:

  • can expire
  • can produce errors (host mismatch, use insecure protocols like SSLv3..).

Introducing SSL monitoring

The Pro Plan now monitors such cases and lets you know:

  • when the SSL certificate has errors including:
    • expiration
    • host mis-match
    • self-signed (not an actual error but raises a flag on browsers)
    • untrusted root
    • insecure protocol (like SSLv2 or SSLv3)
  • and when the SSL certificate is getting close to expiry date so that you can renew it in advance

Note: “mixed-content SSL warnings” are not detected as they are not caused by the  SSL certificate.

The feature is available by default for all HTTP and keyword monitors whose URLs start with “https”.

Customizing its usage

It is possible to:

  • disable SSL monitoring and/or “ignore SSL errors” for selected monitors from the “Add/Edit Monitor dialogs”. This is handy if the website uses a self-signed certificate.
  • choose which alert contacts will get “SSL expiry notifications” from the “My Settings>Alert Contacts>Add/Edit Alert Contact dialogs”.
    • By default, all alert contact types except “SMS, mobile Push, Pushbullet, Boxcar and Pushover” are enabled considering they are non-intrusive.

Important info: The feature will become active by 20 September 2017 to make sure any customization can be performed in advance.

Excited to have this feature being available and hope that it helps for a better uptime :).

You’ll remember that SSL 3.0 is no longer secure since October 2014 with the discovery of Poodle attack. And, it is also disabled by default on all popular browsers.

On the other hand, there are still a small number of websites that support SSL 3.0 (which must definitely be disabled).

Starting tomorrow (6 April 2016), we’ll also be dropping support on sending SSL 3.0 compatible requests which will make the monitoring “not function” for those websites (a website’s SSL 3.0 support can be checked from SSL Labs).

Once Uptime Robot detects that a website requires SSL 3.0 for HTTPs communication, it’ll not mark the monitor as down but pause it and notify the user via e-mail with the information for taking action.

 P.S> Disable SSLv3 is a nice website that shares “web server specific information” regarding “how to disable SSL 3.0″