The renewal succeeded on disk, but your server is still handing out the old certificate. You find out the same afternoon, while you can still reload quietly, instead of when it expires.
Your certificate was fine. The CA chain behind it was not, and the whole site went down anyway (this is what AddTrust did in 2020). You get warned about a dying link in the chain, not just the leaf.
The first sign was a screenshot in your inbox. Instead, you get one clear alert at 30, 14, 7, and 1 day, plus an instant heads-up on chain breaks, hostname mismatches, and unexpected certificate changes.
Every 6 hours (down to 15 minutes on Agency), against the exact certificate your visitors receive. Any port, IPv4 and IPv6, wildcards and SANs understood.
Email or any webhook. No flapping, no duplicates. A renewed certificate quietly re-arms its own reminders.
A weekly all-clear digest confirms everything is green. If it doesn’t arrive, that tells you something too.
Coming from TrackSSL? See the side-by-side comparison
Check a domain right now — two seconds, no account. Like what you see? Your first three certificates are free forever.