Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this guide, you’ll have an HTTP monitor that alerts you before your TLS certificates expire, giving you time to renew.
  • DevHelm CLI installed or an API token
  • An HTTPS endpoint to monitor

Add an SSL expiry assertion

The ssl_expiry assertion checks how many days remain before the TLS certificate expires. Add it to any HTTP monitor: 
devhelm monitors create \
  --name "example.com SSL" \
  --type HTTP \
  --url https://example.com \
  --frequency 3600 \
  --regions us-east,eu-west

devhelm assertions create <monitor-id> \
  --type ssl_expiry \
  --min-days-remaining 14
This setup:
  • Warns at 30 days — time to plan renewal
  • Fails at 14 days — urgent action needed

Choosing thresholds

ThresholdUse case
30 days (warn)Standard renewal reminder with plenty of lead time
14 days (fail)Critical alert — certificate is close to expiring
7 days (fail)Emergency — immediate action required
If you use auto-renewal (Let’s Encrypt, AWS ACM), set a shorter fail threshold (7 days). The warn threshold still catches renewal failures early.

Check frequency

Certificate expiry doesn’t change rapidly, so checking every hour (3600) or every 6 hours (21600) is sufficient. This saves check quota while still catching issues promptly.

Combine with other assertions

SSL monitoring works alongside other HTTP assertions: 
assertions:
  - config:
      type: status_code
      expected: "200"
      operator: equals
    severity: fail
  - config:
      type: response_time
      thresholdMs: 5000
    severity: warn
  - config:
      type: ssl_expiry
      minDaysRemaining: 14
    severity: fail

TLS verification

Set verifyTls: true (the default) to also catch invalid certificates, hostname mismatches, and untrusted CAs — the check fails immediately rather than just triggering the expiry assertion. Set verifyTls: false only for self-signed certificates in development environments.

Next steps

HTTP assertions

Full list of HTTP assertion types.

Alerting guide

Route certificate warnings to specific channels.

Monitors guide

Configure all monitor types.