How do heartbeat monitors work?
Most checks reach out to your target. A heartbeat works the other way: your job pings us, and we alert when the pings stop. It's the dead-man's-switch for work that has no public URL — backups, cron jobs, queue workers, nightly ETL, certificate renewals themselves.
Set one up
- Create a heartbeat monitor. CertSentry gives you a unique ping URL.
- Have your job call that URL when it finishes successfully — a single
curlat the end of the script is enough. - Set the expected interval (how often the job should run) and a grace period (how late is acceptable before it's a problem).
If a ping doesn't arrive within the interval plus the grace period, you get an alert that the job is overdue. When pings resume, you get a recovery notice.
Example
A backup that runs hourly might use a 1-hour interval and a 15-minute grace period:
0 * * * * /usr/local/bin/backup.sh && curl -fsS https://…/ping/<token>
Because the ping is the last step, it only fires when the job actually succeeded.
Good to know
- A new heartbeat is "unarmed" until its first ping arrives, so setting it up never pages you prematurely.
- The token in the ping URL is the authentication — keep it private, and regenerate it if it leaks.
- Pair it with outbound checks: the heartbeat tells you the job ran; an uptime check tells you the result is reachable.