🔒 Bulk SSL Certificate Expiry & DNS Monitor (Fast, No-Browser)

Check SSL certificate validity and expiration for thousands of domains — plus DNS records (A/MX).
This Actor produces a clean security report including days remaining, issuer, valid-from/valid-to dates, resolved IP (A record), and any errors.

If you need an SSL expiry checker, bulk certificate monitor, TLS certificate validator, or DNS security audit tool for agencies, DevOps, or SEO teams—this Actor is built for speed and automation.

---

✅ What this Actor does

Given a list of domains or URLs, the Actor:

• Extracts the domain and checks HTTPS certificate data
• Validates SSL/TLS certificate status (sslValid)
• Computes days remaining until expiration (daysRemaining)
• Extracts certificate dates (validFrom, validTo) and issuer
• Resolves DNS records (at minimum A record → dnsIP; MX can be added depending on implementation)
• Outputs a structured dataset suitable for dashboards, alerts, and audits

---

🎯 Best use cases

• Agency maintenance / client reporting
  Prevent outages by tracking SSL expiry across client sites.
• DevOps monitoring
  Catch misconfigured certs, expired chains, or DNS failures early.
• SEO audits & site health
  Identify HTTPS issues that impact trust, crawling, and rankings.
• Compliance / governance
  Maintain evidence of certificate validity and renewal timelines.
• Bulk domain portfolio monitoring
  Monitor large sets of domains (brands, affiliates, properties).

---

✨ Key Features

• Bulk SSL expiry monitoring (days left, validity, issuer)
• DNS resolution checks (A record/IP; extendable to MX)
• Fast & lightweight (no browser automation)
• Export-ready dataset (CSV/JSON/Excel)
• Error visibility (timeouts, handshake failures, DNS errors)
• Apify-friendly: runs as a repeatable monitoring step in your pipeline

---

🛠 How to Use

1. Add your domains/URLs into Target Websites
   • Accepts: https://example.com or example.com style inputs (Actor will extract domain)
2. Run the Actor
3. Export the dataset (CSV/JSON) or feed it into your monitoring workflow

---

⚙️ Input Configuration

startUrls (required)

List of websites to check.

Example:

{
  "startUrls": [
    { "url": "https://apify.com" },
    { "url": "https://google.com" }
  ]
}

📦 Output Dataset (Security Report)

Each dataset item includes:

domain — checked domain name

sslValid — is SSL certificate valid

daysRemaining — days until expiration

validFrom — certificate issue date

validTo — expiration date

issuer — certificate authority

dnsIP — resolved IP (A record)

error — error message if any

Example Output

{
  "domain": "example.com",
  "sslValid": true,
  "daysRemaining": 42,
  "validFrom": "2025-12-01T00:00:00.000Z",
  "validTo": "2026-02-24T23:59:59.000Z",
  "issuer": "Let's Encrypt",
  "dnsIP": "93.184.216.34",
  "error": ""
}

📊 Dataset View (Security Report)

The built-in dataset view highlights:

Domain

SSL Valid

Days Left

Expires On

Issuer

IP Address

Error

This makes it easy to filter:

expiring soon (daysRemaining < 30)

invalid certificates (sslValid=false)

DNS issues (missing/invalid dnsIP)

errors by type (timeouts, handshake failures)

🔥 Pro Tips (to prevent incidents)

1. Prioritize by “days remaining”

A practical renewal workflow:

< 30 days: urgent

< 14 days: critical

< 7 days: incident risk

2. Use scheduled runs

Run daily/weekly and compare with last output:

detect new expirations

detect changes in issuer (unexpected CA swap)

detect DNS drift (IP changes)

3. Monitor DNS + SSL together

Many real outages happen due to:

cert renewed on wrong server (DNS points elsewhere)

DNS changes after SSL renewal

misconfigured load balancer with stale cert

🧯 Troubleshooting

sslValid=false but site loads in browser

Possible reasons:

incomplete chain / intermediate missing

SNI mismatch

strict validation catches issues browsers sometimes “work around”

error contains timeout / handshake failure

domain may block requests or require modern TLS settings

try running with different network/proxy configuration if your environment supports it

dnsIP empty

DNS resolution failed

domain has no A record

transient resolver issues

🔍 SEO Keywords (what this Actor targets)

ssl certificate checker

ssl expiry monitor

bulk ssl checker

tls certificate validator

https certificate expiration

dns monitor

a record checker

mx record checker

domain security audit

agency website monitoring

🗺 Roadmap

Planned enhancements:

Full DNS record support (MX/AAAA/CNAME/NS)

Certificate chain details (SANs, CN, chain validation)

Alerts output (webhook payload) for expiring/invalid domains

CSV summary + risk scoring (expires soon + invalid + DNS issues)

Support & Feedback

If you need additional DNS fields or a custom scoring model:

share a sample domain list

specify your thresholds (e.g., 30/14/7 days)

specify the output fields your dashboard expects