Stop Outages and Security Incidents Before They Happen
Cert Spotter monitors your domains for expiring, unauthorized, and invalid SSL certificates, so you can act before an incident, not after.
Trusted at










Improve Security
Attackers can use ill-gotten certificates to impersonate your website and intercept data from your customers.
You shouldn't be in the dark when this happens. Cert Spotter monitors Certificate Transparency logs and alerts you when an unauthorized certificate is issued for one of your domains, protecting you from certificate authority vulnerabilities, DNS tampering, BGP hijacking, and subdomain takeover.
Avoid Outages
Expired, revoked, or incorrectly-installed certificates cause browser errors that drive customers away from your website and cost you business.
Wouldn't you rather learn about problems before your customers notice them? Cert Spotter inventories and monitors your domain's certificates — even certificates installed by Shadow IT — and alerts you so you can fix problems before they cost you money.
We find problems that others miss
Certificates are a notoriously complex topic. You need a monitoring solution that you can trust to reliably detect obscure edge cases.
SSLMate founder Andrew Ayer has contributed to the standards for Certificate Transparency and given invited talks at Apple and Google about Certificate Transparency monitoring. His security research has led to changes in the policies for certificate issuance. When you use Cert Spotter, his expertise is put to work monitoring your certificates.
We don't bother you with false alarms
When's the last time you heard a car alarm and thought a car was being stolen?
A monitoring system that pesters you with false alarms is useless because you begin to ignore the alerts. Most Certificate Transparency monitors alert you about every single certificate for your domains, making it hard to notice when a malicious certificate is issued.
When you use Cert Spotter, you can tell us ahead-of-time about legitimate certificates or trusted certificate authorities, and we won't alert you about certificates matching your specification. When you do receive an alert, you'll know to take it seriously.
We help you fix problems - even if you're not a certificate expert
Cert Spotter provides clear diagnostics and instructions for fixing problems, so you don't waste precious time responding to an incident.
Incorrect certificate chain installed? Cert Spotter provides a link to download the correct chain. Unauthorized certificate detected? Cert Spotter provides revocation instructions tailored for the certificate authority which issued the certificate.
Features
- Flexible Notifications Receive alerts by email, webhook, or Slack notification
- Certificate Inventory Your certificates are found and monitored automatically
- Subdomain Discovery Your subdomains are found and monitored automatically
- Web Dashboard See all your certificates and endpoints in one place
- Expiration Monitoring Get alerts when certificates haven't been renewed yet
- Installation Monitoring Correct chain, matching hostname, proper OCSP stapling, and more
- Compliance Monitoring Ensure your certs comply with browser CT policies
- Unknown Certificate Alerts Get alerts when a certificate is issued by an untrustworthy issuer
- CAA Monitoring Get alerts when a CAA record changes or a certificate violates your CAA policy
- MTA-STS Monitoring Ensure your email domains comply with MTA-STS policies
- MTA-STS Automation Effortlessly publish correct MTA-STS policies
- Monitor Multiple IPs and Ports All of an endpoints' IP addresses are monitored, and you can customize the port numbers