SSL & Domain Expiry
SiteBrief tracks when your clients' SSL certificates and domains expire — so you never get caught off-guard by a renewal you forgot.
SSL certificate tracking
Every time SiteBrief performs an uptime check on an HTTPS site, it also reads the SSL certificate expiry date from the TLS handshake. No extra setup required — it happens automatically for all HTTPS URLs.
| Days remaining | Status | What you see |
|---|---|---|
| 30+ days | 🟢 Healthy | Days shown in green |
| 14–29 days | 🟡 Warning | Days shown in yellow |
| 0–13 days | 🔴 Critical | Days shown in red |
| Expired / invalid | 🔴 Down | Site marked as down, alert sent |
What SSL errors trigger a down alert
- Certificate expired — the cert's validity period has ended
- Hostname mismatch — the cert is valid but not for this domain (e.g. cert is for www.example.com but you're monitoring example.com)
- Self-signed certificate — not trusted by a public CA
- Untrusted CA — signed by a CA not in the standard trust store
- Certificate chain broken — intermediate certificates are missing
*.example.com) are fully supported. SiteBrief checks the certificate presented for the exact hostname you're monitoring.Domain expiry tracking
Domain expiry is checked using the RDAP protocol (Registration Data Access Protocol) — the modern replacement for WHOIS. SiteBrief queries the relevant domain registry to get the expiry date directly from the source.
Unlike SSL (which is checked on every uptime check), domain expiry is checked once per dayautomatically. You can also trigger a manual refresh at any time using the refresh icon next to the "Domain expires" card on the site detail page.
Why domain expiry shows '—'
Some domains show a dash (—) instead of an expiry date. This happens when:
- The TLD doesn't support RDAP — some country-code TLDs (ccTLDs) like
.ua,.ru,.cndon't publish RDAP endpoints. We can't retrieve expiry data for these. - Privacy protection is enabled — some registrars hide expiry dates when WHOIS/RDAP privacy is activated on the domain.
- The registry is temporarily unavailable— RDAP lookups can occasionally fail if the registry's servers are slow. A manual refresh usually resolves this.
.ua,.com.ua, .kiev.uaetc. will always show "—" for domain expiry. You'll need to track these renewals manually through your registrar.Alert thresholds
SiteBrief sends email alerts for both SSL and domain expiry at these milestones:
| When | Alert sent |
|---|---|
| 30 days before expiry | ⚠️ Warning alert — time to renew |
| 14 days before expiry | 🚨 Critical alert — renew immediately |
| 7 days before expiry | 🚨 Final warning alert |
| On expiry day | 🔴 Site marked down (SSL) / urgent alert (domain) |
Common scenarios
Scenario 1: Client's SSL is expiring in 10 days
SiteBrief has already sent a 14-day warning. Log in to the site detail page, note the exact expiry date shown, and contact your client's hosting provider or renew the certificate yourself. Most providers (Let's Encrypt, cPanel AutoSSL) auto-renew — verify that auto-renew is active.
Scenario 2: SSL expired — site is down
An expired SSL certificate causes browsers to show a hard security warning, effectively taking the site offline for all visitors. Renew the certificate, restart the web server (or wait for it to pick up the new cert), then verify in the site detail page that SiteBrief shows the new expiry date.
Scenario 3: Domain expiry shows dashes for a .ua site
This is expected — .ua doesn't support RDAP. Set a personal calendar reminder 60 days before the expected renewal date, or use your registrar's own expiry notifications.