Back to blog

Introducing the New Cert Spotter - with Expiration Monitoring, Alert Fatigue Reduction, and More

Today, we're launching a brand new version of Cert Spotter which protects your websites from costly outages caused by expired certificates, reduces alert fatigue by eliding notifications about legitimate certificates, and saves you time managing certificates with a new web dashboard.

We're also making some changes to Cert Spotter's pricing to reflect the new value that Cert Spotter provides. Please read on to learn about our changes.

Avoid Outages From Expired Certificates

Cert Spotter now monitors every one of your sub-domains found in Certificate Transparency logs for an up-to-date certificate. If any sub-domain has a certificate expiring in less than 30 days, we'll alert you, so you can prevent outages from forgotten certificates and broken automation.

We check for an up-to-date certificate by fetching the certificate used for HTTPS on port 443. If we can't connect to port 443, because the host is firewalled or otherwise inaccessible, we consult Certificate Transparency for the latest certificate for the hostname.

Our use of Certificate Transparency makes Cert Spotter more likely to find expiring certificates than traditional certificate expiration monitors, which only work with publicly-accessible endpoints and require you to manually configure individual sub-domains.

Reduce Alert Fatigue So You'll Always React When You Need To

Certificate Transparency alerts should be rare and taken seriously, not frequent and ignored like car alarms. Cert Spotter now provides two ways you can tell us about legitimate certificates so that you are only alerted about unauthorized certificates.

If you trust certain certificate authorities, you can choose not to be notified about certificates which they issue. Select your authorized certificate authorities

Alternatively, if your certificate issuance is automated, you can use a new API to automatically notify Cert Spotter about your legitimate certificates. We won't notify you about these certificates when we discover them. More information about the API

Easier Certificate Management With Central Web Dashboard

You no longer need to track your certificates in an error-prone spreadsheet or shared calendar. The new endpoint dashboard shows information about all of your domains and sub-domains in one place. For each endpoint, Cert Spotter tells you the expiration of the endpoint's most recent certificate, the issuer(s) of the endpoint's certificates, and whether the most recent certificate has been installed properly on the endpoint. A separate dashboard shows all endpoints with certificates expiring in the next 30 days so you know where to focus your attention.

New Pricing

First, since the new Cert Spotter does work for each of your sub-domains by monitoring them for expiration, pricing is now based on total number of endpoints, rather than domains. For example, monitoring 5 domains with 2 sub-domains each now costs the same as monitoring a single domain with 10 sub-domains. If you are currently a customer, this change won't affect you: we've grandfathered your account so you will immediately gain access to all of Cert Spotter's new features at the same price you're currently paying. (If you want, you can convert to per-endpoint pricing here.)

Second, we're discontinuing the free tier, and introducing a new set of plans, starting at $15 / month.

Discontinuing the free tier wasn't an easy decision to make, but it was a necessary one. Since Cert Spotter launched in 2016, the number of certificates has grown from 50 million to over 2 billion, making it significantly more costly to monitor Certificate Transparency. The free tier wasn't sustainable if we wanted to continue operating Cert Spotter while improving it to provide you with the best infrastructure monitoring possible.

Although SSLMate has been approached by investors, we've chosen to remain an entirely customer-funded company. That means we're guided by what is best for you, not what is best for venture capitalists. We're building a service for the long haul, not one that will be discontinued after an acquisition, or neglected when the next shiny object takes priority. Additionally, we're guided by what is good for the Internet, which is why we participate in the standards and policy forums for Certificate Transparency. Your subscription to Cert Spotter supports our efforts and helps ensure that Internet standards and policy are not decided solely by huge corporations.

We understand that some people might not want to pay for the new Cert Spotter, and for them we recommend the Facebook or Cloudflare monitors, which provide functionality similar to the old Cert Spotter. However, we think you'll want to use the new Cert Spotter. The price of Cert Spotter is far below the cost of a single outage from an expired certificate, which Cert Spotter helps prevent. And since Cert Spotter suppresses alerts for legitimate certificates, you're more likely to notice an alert for a rogue certificate, making you more secure. What's more, we reply to your emails, so if you ever have a question about a certificate, or need help getting an unwanted certificate revoked, expert help is just an email away.

If you currently use the free tier, we have subscribed you to an extended 90 day free trial of the new Cert Spotter. When the trial is over, you'll receive 20% off your subscription, forever, as long as you choose a plan before the trial ends on February 12, 2020.

If you have any questions about our changes or would like help using Cert Spotter's new features, shoot me an email at I thank you for your business.

Andrew Ayer
Founder, SSLMate