Skip to main content
By the end of this guide, you’ll have an HTTP monitor that alerts you before your TLS certificates expire, giving you time to renew.
  • DevHelm CLI installed or an API token
  • An HTTPS endpoint to monitor

Add an SSL expiry assertion

The ssl_expiry assertion checks how many days remain before the TLS certificate expires. Add it to any HTTP monitor: 
devhelm monitors create \
  --name "example.com SSL" \
  --type HTTP \
  --url https://example.com \
  --frequency 3600 \
  --regions us-east,eu-west

devhelm assertions create <monitor-id> \
  --type ssl_expiry \
  --min-days-remaining 14
This setup:
  • Warns at 30 days — time to plan renewal
  • Fails at 14 days — urgent action needed

Choosing thresholds

ThresholdUse case
30 days (warn)Standard renewal reminder with plenty of lead time
14 days (fail)Critical alert — certificate is close to expiring
7 days (fail)Emergency — immediate action required
If you use auto-renewal (Let’s Encrypt, AWS ACM), set a shorter fail threshold (7 days). The warn threshold still catches renewal failures early.

Check frequency

Certificate expiry doesn’t change rapidly, so checking every hour (3600) or every 6 hours (21600) is sufficient. This saves check quota while still catching issues promptly.

Combine with other assertions

SSL monitoring works alongside other HTTP assertions: 
assertions:
  - config:
      type: status_code
      expected: "200"
      operator: equals
    severity: fail
  - config:
      type: response_time
      thresholdMs: 5000
    severity: warn
  - config:
      type: ssl_expiry
      minDaysRemaining: 14
    severity: fail

TLS verification

Set verifyTls: true (the default) to also catch invalid certificates, hostname mismatches, and untrusted CAs — the check fails immediately rather than just triggering the expiry assertion. Set verifyTls: false only for self-signed certificates in development environments.

Next steps

HTTP assertions

Full list of HTTP assertion types.

Alerting guide

Route certificate warnings to specific channels.

Monitors guide

Configure all monitor types.