Available now Web app · self-hosted on your server

📜 Certwatch

SSL certificate and domain expiry monitoring you own forever.

Uptime-tool SSL add-ons and SSLMate-style monitors run $10 to $20 a month, roughly $360 to $720 over three years for 50 domains. One expired cert is a 2am page either way. Certwatch does a real TLS handshake against every site you care about on a schedule, and alerts you by email or webhook at 30, 14, 7 and 1 days before a cert or the domain itself expires. $24, once.

$10–20/mo forever $24once
Screenshot on the way

Certwatch screenshot is being captured — the app is shipped and real.

What's in the box

Features

Traffic-light dashboard

Green over 30 days, yellow at 30 or under, red under 7 days, or for expired, invalid or unreachable hosts.

Real TLS handshake checks

Node tls checks expiry, issuer, SAN list, chain validity, self-signed certs and weak keys (RSA under 2048, EC under 224).

Domain WHOIS expiry

Best-effort registry lookups so the domain registration itself does not lapse either.

Threshold alerts

Configurable days (default 30, 14, 7, 1) via webhook and SMTP email, with exactly one alert per threshold per certificate.

Chain viewer

See the full presented certificate chain per check in the UI.

Check history

Every check is stored, and unreachable hosts are recorded with the error.

The receipt

Certwatch vs SSLMate-style SSL monitors

SSLMate-style SSL monitors at $10–20/mo runs roughly $180/year — $360 over two years. Certwatch is $24, once.

CertwatchSSLMate-style SSL monitors
Price$24 once$10–20/mo
3 years, 50 domains$24$360–720
Handshake checks (expiry, chain, keys)YesYes
Domain (WHOIS) expiryYes, best-effortSometimes
Email + webhook alertsYesYes
Data on your serverYesNo
Domain limitsNoneUsually tiered
Source you can readYes, MITNo

Two months of a paid SSL monitor covers Certwatch, and one cert it saves from expiring covers the 2am page it would have cost you.

Setup

Three steps, no subscription

STEP 01

Buy once on Whop

One payment of $24 gets you the packaged 1-click installer, or clone the MIT source at github.com/bensblueprints/ssl-cert-monitor and run it yourself for free.

STEP 02

Deploy on your own server

docker compose up on a $5 VPS that can reach your hosts, or run the Electron desktop build, adding SMTP credentials to .env if you want email alerts.

STEP 03

Add your domains

Point it at the sites you care about; it runs real TLS handshakes on a schedule and pages you before anything expires.

FAQ

Honest answers

Is it really free on GitHub?

Yes. Certwatch is MIT-licensed at github.com/bensblueprints/ssl-cert-monitor and always will be. The $24 buys the packaged 1-click installer; building from source is free.

Where does my monitoring data live?

In a SQLite database on your own server. The checker connects directly to your hosts, so run it from a box that can reach them, and nothing goes to any third-party API.

How reliable is the domain-expiry check?

Certificate checks are the reliable signal. WHOIS domain expiry is best-effort: some TLDs publish no expiry and some rate-limit, so treat it as a bonus rather than the primary alarm.

Is this a subscription in disguise?

No. $24 once, no renewal, no per-domain tiering, no license server. Webhooks work with zero config; deploy it and it keeps watching your certs.

Own Certwatch forever

$24 once. Deploy on your own server — your data never leaves it. No renewal, no account with us, no meter. Or build it yourself from the MIT source — it's the same app.