SSL Certificate Monitor API | Expiry + Issuer Changes

Pricing

from $9.00 / 1,000 results

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

Developer

太郎 山田

Maintained by Community

SSL Certificate Monitor API | Expiry + Issuer Changes + Optional Web Risk

Bulk-check SSL/TLS certificates for hundreds of domains. Detect expiring certificates, issuer changes, certificate rotations, and optional Google Web Risk reputation signals — before they cause outages.

Store Quickstart

  • Start with store-input.example.json for a reliable dataset run across three known domains.
  • If that matches your workflow, switch to store-input.templates.json and pick one of:
      • Quickstart (Dataset) for first-run validation
      • Portfolio Watch for larger domain sets
      • Webhook Alert for operational notifications

The Store example is tuned for a quick first success: port=443, moderate concurrency, and a 90-day warning threshold.

What does this actor do?

Connects directly to each domain via TLS (using Node.js's built-in tls module) and inspects the SSL certificate. No browser needed, no proxies needed, and no API keys required for SSL-only runs.

Key Features

  • 🔒 Direct TLS inspection — Connects at the protocol level, not through HTTP
  • Expiry warnings — Configurable alert threshold (default: 30 days)
  • 🔄 Certificate rotation detection — Tracks fingerprint changes between runs
  • 🔍 Issuer change alerts — Detect when a certificate's issuer changes (potential security issue)
  • 🛡️ Optional Google Web Risk lookup — Commercially usable reputation/threat checks with your own Google Cloud API key
  • Invalid cert detection — Catches expired, self-signed, and misconfigured certificates
  • 🪝 Webhook notifications — Slack/Discord/custom webhook support
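
The checks listed above (expiry threshold, fingerprint rotation, issuer change), sketched in Node.js as an added example; this is not the actor's own code. Only the `initial` status and the `expiring_soon` warning come from the page's output example; the function names and the other status and type names are assumptions.

```javascript
// Added example. Only `initial` and `expiring_soon` come from the page's
// output; the other status/type names are assumptions.

// Read the leaf certificate over raw TLS. Verification is disabled so expired
// or self-signed certificates can still be inspected; send no data on this socket.
async function fetchCert(host, port = 443, timeoutMs = 10000) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const socket = tls.connect(
      { host, port, servername: host, rejectUnauthorized: false }, () => {
        const c = socket.getPeerCertificate();
        resolve({
          issuer: Object.entries(c.issuer || {}).map(([k, v]) => `${k}=${v}`).join(', '),
          validTo: c.valid_to,
          fingerprint256: c.fingerprint256,
          authorized: socket.authorized, // false for expired/self-signed chains
        });
        socket.end();
      });
    socket.setTimeout(timeoutMs, () => socket.destroy(new Error('TLS timeout')));
    socket.on('error', reject);
  });
}

// Compare the current certificate with the one stored from the previous run.
function evaluateCert(domain, cert, previous, now = new Date(), warnDays = 30) {
  const changes = [];
  const warnings = [];
  const daysLeft = Math.floor((new Date(cert.validTo) - now) / 86400000);
  if (daysLeft < 0) {
    warnings.push({ type: 'expired', message: 'Certificate has expired', daysLeft });
  } else if (daysLeft <= warnDays) {
    warnings.push({ type: 'expiring_soon',
      message: `Certificate expires in ${daysLeft} days`, daysLeft });
  }
  if (!cert.authorized) {
    warnings.push({ type: 'not_trusted', message: 'Chain failed validation' });
  }
  if (previous && previous.fingerprint256 !== cert.fingerprint256) {
    // Any new fingerprint is a rotation; a new issuer on top of it deserves review.
    changes.push({ type: 'fingerprint_changed' });
    if (previous.issuer !== cert.issuer) {
      changes.push({ type: 'issuer_changed', from: previous.issuer, to: cert.issuer });
    }
  }
  const status = !previous ? 'initial' : changes.length ? 'changed' : 'unchanged';
  return { domain, status, changes, warnings };
}
```

A routine renewal changes only the fingerprint; an issuer change alongside it is the case to compare against the CAs you have approved for that domain.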

Use Cases

Who | Why
DevOps teams | Prevent certificate expiry outages across all domains
Security teams | Detect unauthorized certificate changes
MSPs | Monitor client SSL certificates at scale
SEO agencies | Verify client sites have valid HTTPS

Input Example

{
  "domains": ["google.com", "github.com", "expired.badssl.com"],
  "expiryWarningDays": 30,
  "concurrency": 5,
  "delivery": "dataset"
}

Optional Google Web Risk input

Google Safe Browsing is intentionally not used here because it is not commercially usable. If you want optional reputation data, enable Google Web Risk instead:

{
  "domains": ["example.com", "github.com"],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "enableReputationLookup": true,
  "reputationApiKey": "YOUR_GOOGLE_WEB_RISK_API_KEY",
  "reputationThreatTypes": ["MALWARE", "SOCIAL_ENGINEERING"]
}

If enableReputationLookup is false (default), the actor behaves like the original SSL-only version.

Output Example

{
  "domain": "google.com",
  "status": "initial",
  "cert": {
    "subject": "CN=*.google.com, O=Google LLC, C=US",
    "issuer": "CN=WR2, O=Google Trust Services, C=US",
    "validFrom": "Jan 27 08:36:26 2026 GMT",
    "validTo": "Apr 21 08:36:25 2026 GMT",
    "serialNumber": "1A2B3C4D...",
    "bits": 256,
    "altNames": ["*.google.com", "google.com"],
    "authorized": true,
    "protocol": "TLSv1.3"
  },
  "changes": [],
  "warnings": [
    {
      "type": "expiring_soon",
      "message": "Certificate expires in 28 days",
      "daysLeft": 28
    }
  ],
  "reputation": {
    "provider": "google_webrisk",
    "status": "clean",
    "uri": "https://google.com/",
    "checkedAt": "2026-02-22T05:00:54.606Z",
    "requestedThreatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
    "threatTypes": [],
    "hasThreats": false,
    "expireTime": null
  }
}

A fuller ready-to-share payload is available in sample-output.example.json for Store and README proof.

If Google Web Risk flags a URI, the result also includes a reputation_threat_detected warning and reputation.status = "threat_found".

Cost

Core SSL mode: zero external costs. Uses Node.js built-in TLS — no API keys, no proxies.

Optional reputation mode: Google Web Risk uses your Google Cloud billing account and API key. That optional lookup is commercially usable and is only called when explicitly enabled.

Rate Limiting

  • Configurable concurrency (1-10 parallel connections)
  • 10-second connection timeout per domain
  • Automatic retry on transient network errors

Commercial Ops

Set up .env first:

$ cp -n .env.example .env

Cloud Task/Schedule setup (idempotent):

$ npm run apify:cloud:setup

Daily reliability checks:

npm run canary:check
npm run contract:test:live

OpenClaw cron commands:

  • openclaw-cron-commands.md
  • rdap-domain-monitor — pair certificate alerts with registrar and ownership changes.
  • dns-dmarc-security-checker — extend domain monitoring into email and DNS security.
  • security-headers-checker — cover browser-facing security posture on the same sites.