Do I need to own or verify the domain I'm monitoring?
No. CertSentry checks what's publicly reachable, so you can monitor any domain or endpoint that resolves on the public internet — no DNS record to add, no file to upload, no agent to install.
This is exactly how agencies and MSPs use it: monitor a whole book of client domains for SSL and uptime without touching each client's stack, and without waiting on anyone to grant access.
What this means in practice
- You can start watching a domain in seconds.
- We never need credentials or access to your origin server.
- We read the same certificate, DNS records and HTTP responses that any visitor would — nothing more.
The one limitation
Because we only see what's public, CertSentry can't reach resources behind a VPN, a private network, or IP allow-lists. For those, you have two options:
- Heartbeat monitors — have the internal job ping CertSentry when it runs, and we alert when the pings stop. See heartbeat monitors.
- A public health endpoint — expose a minimal, unauthenticated health URL that's safe to hit from the internet.
A note on responsible use
Monitoring is read-only and low-volume by design — we connect, read, and disconnect. It behaves like an ordinary visitor, not a load test.