Automating SSL Certificate Monitoring with APIs
Network
Why Certificates Expire Unexpectedly
Certificate management is often an afterthought. Certificates are renewed manually, renewal automation silently fails, or a new subdomain gets a cert with a short validity. The result: downtime, browser warnings, and broken API clients.
What to Monitor
| Check | Why |
|---|---|
| Days to expiry | Alert before renewal window closes |
| Subject / SANs | Confirm the cert covers the domain you're monitoring |
| Issuer | Detect unexpected issuer changes (supply chain risk) |
| Chain validity | Intermediate cert missing → mobile clients break |
| OCSP status | Revoked certificates still serve before expiry |
Using the API
curl -X POST https://api.toolkitapi.io/v1/devtools/ssl-check \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com"}'
{
"domain": "example.com",
"issuer": "Let's Encrypt",
"subject": "example.com",
"sans": ["example.com", "www.example.com"],
"valid_from": "2026-04-01",
"valid_until": "2026-07-01",
"days_remaining": 37,
"chain_valid": true,
"ocsp_status": "good"
}
Alerting at 30 Days
import httpx
DOMAINS = ["example.com", "api.example.com", "mail.example.com"]
ALERT_THRESHOLD = 30
for domain in DOMAINS:
r = httpx.post(
"https://api.toolkitapi.io/v1/devtools/ssl-check",
headers={"X-API-Key": API_KEY},
json={"domain": domain},
)
data = r.json()
days = data.get("days_remaining", 0)
if days < ALERT_THRESHOLD:
send_alert(f"{domain} cert expires in {days} days!")
Schedule this in a cron job or GitHub Actions workflow to run daily. Run it weekly across your entire domain inventory to catch regressions early.