SSLMate Change Log

This page lists new features and other notable changes in reverse chronological order. Stay up-to-date by subscribing with Atom or email.

2020-11-12: Monitor and Automate MTA-STS with Cert Spotter

Cert Spotter now automatically monitors your domains for MTA-STS problems, and can optionally automate the publication of correct MTA-STS policies. Read our blog post to learn more.

2020-09-14: Adjustments to Auto-Renewal Schedule

Certificates managed by SSLMate Agent will now be renewed using the following schedule:

  • Let's Encrypt certificates will be renewed 60 days before expiration and deployed 30 days before expiration.
  • Sectigo certificates will be renewed 31 days before expiration and deployed 30 days before expiration.

Certificates not managed by SSLMate Agent will continue to auto-renew 30 days before expiration, as now.

This change is being made to provide consistency across all types of certificates: renewed certificates will always be deployed 30 days prior to expiration of the current certificate, regardless of the certificate's product type or whether it's managed by SSLMate Agent. Additionally, a 30 day deployment schedule aligns with Cert Spotter's default behavior to warn about certificates that are expiring in 28 days or less.

2020-08-10: Discontinuation of Cert Spotter APIv0

Nearly two years ago, we announced version 1 of the Cert Spotter API, featuring several improvements over version 0, such as incremental monitoring and the ability to tailor the response fields to suit your needs. We also announced that APIv0 would be turned off at a future date. Since most users have now upgraded to APIv1, and we are no longer developing APIv0, we are now ready to announce our discontinuation plans for APIv0.

Effective immediately, newly-created accounts and accounts which have not recently used APIv0 will need to specify a special query string parameter to use APIv0, as documented here.

Starting November 2, 2020, we will begin periodic "brownouts" of APIv0. For one hour a day, some or all APIv0 requests will return an error. The schedule of brownouts can be found here.

On February 2, 2021, we will disable APIv0 entirely.

If you are still using APIv0, we recommend upgrading to APIv1 as soon as possible. Please get in touch if you have any questions as you make the transition.

2020-07-21: Cleanup of Monitored and Excluded Sub-Domains

Automatically discovered sub-domains are now automatically removed from your monitored endpoint list once there are no more valid certificates or DNS records for the sub-domain. This keeps your endpoint list tidy and ensures you aren't paying to monitor sub-domains that no longer exist.

Additionally, the settings page now has a button to remove sub-domain exclusions that are no longer necessary because the excluded sub-domain no longer exists.

2020-07-15: 30 Day Auto-Renewal Period

Certificates expiring on or after 2020-09-24 with auto-renew enabled will be renewed 30 days before expiration instead of the current 60 days. The notice of upcoming renewal will be sent 37 days before expiration instead of 67 days.

This change is being made to comply with the 398 day maximum certificate lifetime instituted by Apple, Chrome, and Mozilla. Previously, SSLMate would issue renewed certificates with a 425 (365 + 60) day lifetime to ensure a new expiration date exactly one year after the current expiration date. Now, we will issue renewed certificates with a 395 (365 + 30) day lifetime.

For certificates managed by SSLMate Agent, we will wait 15 days before deploying the renewed certificate rather than the current 30 days. This will allow your server to tolerate a client clock skew of up to 15 days.

2020-05-05: Push Notifications

You can now receive realtime push notifications when Cert Spotter discovers an unknown certificate, or when SSLMate issues you a certificate. Requires Android, Chrome OS, or a modern desktop browser. (Unfortunately, iOS does not support the Web Push standard.)

Visit your push notifications page to configure.

2020-03-12: Flexible Email Routing

If you subscribe to the Startup or Business plans, you can now route certain account emails to alternative email addresses:

  • Invoices
  • Unknown certificate alerts
  • Daily summary about expirations detected by Cert Spotter

For example, you could route invoices to your accountant, unknown certificate alerts to your security team, and the expiration emails to your infrastructure team.

Visit your email preferences page to configure.

2020-03-12: Account Audit Logs

SSLMate now keeps an audit log of the following account actions:

  • Login
  • Change password
  • Change email address
  • Add/remove security key

Log entries are retained for at least 7 days, depending on the plan you are subscribed to. (The Business plan offers unlimited retention.)

2020-02-10: Cert Spotter: Use CAA records to authorize certificate issuance

You can now configure Cert Spotter to consult CAA records when deciding if a certificate is authorized. Visit your Cert Spotter settings to enable. Read our blog post for details.

2020-02-07: Fixed Bug Affecting 2FA with YubiKey 5

This week, we fixed a bug with two factor authentication which prevented the YubiKey 5 series (and possibly other security keys that support FIDO2) from being added to your account. If you had trouble adding a security key to your account, we recommend trying again.

2020-01-28: Cert Spotter: Improved wildcard handling

Cert Spotter now considers wildcard certificates when monitoring a hostname. For example, if you are monitoring, Cert Spotter will examine certificates for * when looking for expiring and unauthorized certificates.

2020-01-06: Phishing-Proof Two Factor Authentication

You can now use security keys such as the YubiKey as a second, phishing-proof authentication factor for your SSLMate account. Visit your account settings to enable.

We plan to support passwordless authentication in the near future.

2020-01-06: Cert Spotter: Yearly Subscriptions

Cert Spotter can now be purchased on a yearly basis. If you're currently a subscriber, you can switch to a yearly plan.

2020-01-06: Preview: Cert Spotter: API to Add/Remove Monitored Domains

We're testing out an API for programmatically adding/removing the domains that are monitored by Cert Spotter. Please contact us if you are interested.

2020-01-06: Preview: Cert Spotter API: Firehose

We're testing out a firehose option for the Cert Spotter API to allow you to ingest all new certificates from public Certificate Transparency logs, using one convenient API endpoint. Please contact us if you are interested.

2019-12-16: Cert Spotter: expiration threshold can now be configured

You can now configure the number of days before expiration at which Cert Spotter begins alerting about an expiring certificate. (Previously, it was always 30 days.)

2019-12-16: Cert Spotter: sub-domain inclusion/exclusion can now be configured

When adding a monitored domain, you can now choose whether or not sub-domains should also be monitored. (Previously, sub-domains were always monitored.)

When adding an excluded sub-domain, you can now choose whether or not sub-domains of the excluded sub-domain should also be excluded. (Previously, sub-sub-domains were never excluded.)

2019-12-11: Change Log

SSLMate now has a change log that lists new features and other notable changes.
