Professional monitoring SSL certificate status changes and lifecycle transitions

Status Change Alerts

Get notified when certificates change status throughout their lifecycle. We automatically scan your certificates multiple times per day to detect renewals, expirations, and status changes. Need up-to-the-second data? Trigger a manual scan anytime from your dashboard to get instant status updates and alerts.

Key Benefits

  • Confidence your auto-renewals succeeded. No more guessing or assuming.
  • Track certificates after expiry for compliance
  • Smart deduplication prevents alert spam
  • Complete lifecycle visibility, not just expiry

Complete SSL Certificate Lifecycle Monitoring

We alert on all status changes throughout the SSL certificate lifespan progression, and you can choose which ones are important to you.

Certificate Lifecycle Visualization showing status transitions from Chilled → Good → OK → Imminent → Critical → Expired

Available Certificate Statuses

Track your SSL certificates from renewal (Chilled) through expiration as they age through their lifecycle. We recommend enabling at least Chilled (Recently Renewed) to confirm successful renewals and Expired for immediate security incident awareness. For proactive management, consider also enabling Imminent and Critical to catch issues before they become urgent.

Professional monitoring SSL certificate lifecycle progression and status transitions

Certificate Lifecycle Progression

  1. Chilled (Recently Renewed)

    Recommended

    Certificate in excellent condition. Plenty of time remaining.

    Use case: Confirm your automation is working. Peace of mind that renewals succeeded.

  2. Good

    Certificate in good condition. Healthy status.

    Use case: Monitor certificates entering their healthy state after installation.

  3. OK

    Certificate status acceptable. No immediate action needed.

    Use case: Early awareness that renewal time is approaching.

  4. Imminent

    Renewal window approaching. Plan renewal soon.

    Use case: Important warning before reaching critical status. Time to prioritize renewal.

  5. Critical

    Certificate needs immediate attention. Urgent renewal required.

    Use case: Last chance to renew before expiration. Emergency escalation.

  6. Expired

    Recommended

    Certificate has expired. Renew immediately.

    Use case: Immediate notification that a certificate has expired. Critical for compliance and security response tracking.

Other Status Alerts

These statuses are not part of the natural lifecycle progression but indicate issues that need attention.

Failing

Unable to verify certificate. Check configuration.

Use case: Get notified early when configuration or connectivity issues are detected, so you can fix them before they impact users.

Unknown

Status could not be determined. Verify domain accessibility.

Use case: Stay informed when automated verification needs a second look, ensuring nothing falls through the cracks.

Beyond Expiry: The Alerts Most Platforms Miss

Most SSL monitoring tools stop watching the moment a certificate expires. But that's often when the real damage begins.

If you care about avoiding expiry, you should care even more about expiry that goes unnoticed. That's why Chill SSL offers continuous monitoring: we keep watching when everyone else stops.

Why Our Alerts Don't Stop at Expiry

Traditional SSL Alerts

Alerts stop at expiry

Chill SSL

Alerts continue until recovery

Traditional SSL Alerts

Awareness ends when the problem begins

Chill SSL

Visibility continues (non-spammy reminders)

Traditional SSL Alerts

Risk of silent failure

Chill SSL

You'll know before your customers do

SSL in the Wild

Chill SSL recently detected that an SSL certificate at the world's largest streaming company (with a market cap in the hundreds of billions) had expired and sat undetected for weeks. While it appears the certificate wasn't being monitored initially, Chill SSL's post-expiry alerts would have caught this immediately and provided continuous visibility until remediation.

Pre-expiry alerts prevent problems. Post-expiry alerts prove you caught them.

How It Works

How SSL certificate status change alerts work
1

Regular Scanning

We scan your certificates multiple times daily, checking their current status and comparing to previous scans. Real-time updates can be triggered from your dashboard's manual scan function.

2

Status Change Detection

When a certificate's status changes (e.g., Good → Expired or any status → Chilled), we detect it immediately. You can also trigger email alerts for Failing and Unknown statuses.

3

Smart Notification

If you have a Status Alert enabled in your settings for that particular status, we send an email alert. Smart deduplication prevents spam.

What Status Change Alert Emails Look Like

Status Change Alert Email example showing certificate example.com changed from Good to Expired

Frequently Asked Questions About Status Change Alerts

Get answers to common questions about monitoring SSL certificate status changes.

Status change alerts notify you whenever a certificate transitions from one status to another — for example, from Good to Imminent, from Critical to Expired, or from Expired to Chilled (when a certificate is renewed). Unlike expiry threshold alerts which fire at pre-set time points, status change alerts respond to actual certificate lifecycle events as they happen.
You can enable alerts for: Chilled (recently renewed), Good, OK, Imminent, Critical, Expired, Failing, and Unknown. Each status can be enabled or disabled independently. We recommend enabling Chilled and Expired as a minimum — these two statuses cover renewal confirmation and expiry notification.
Chilled is the status assigned when a certificate has been recently renewed — it has a fresh expiry date significantly in the future. When we detect a certificate transitioning to Chilled status, it means auto-renewal succeeded. Enabling Chilled alerts gives you positive confirmation that renewals worked, eliminating the anxiety of wondering if your auto-renewal process is functioning correctly.
An Expired alert tells you immediately when a certificate actually expires — meaning auto-renewal failed. While expiry threshold alerts give you advance warning, the Expired status alert is your final safety net. It's the difference between knowing about a problem before your users do (within hours of expiry) versus finding out when customers start reporting "Not Secure" warnings.
Since we scan multiple times per day, status changes are typically detected and alerts sent within hours of the change occurring. For immediate awareness, you can trigger a manual scan from your dashboard at any time — this runs an on-demand scan and sends alerts for any status changes detected instantly.
Expiry threshold alerts fire at pre-set time points before expiry (e.g., 30 days, 7 days, 1 day before). Status change alerts fire when the certificate's actual status changes — regardless of timing. Status change alerts are event-driven, while threshold alerts are time-driven. Both are complementary: use thresholds for planned renewal reminders, and status change alerts for real-time lifecycle events.
No. Smart deduplication ensures you only receive one alert when a status changes. If a certificate remains in the same status across multiple scans, no additional alerts are sent. You'll only receive another alert when the status changes again — for example, from Expired back to Chilled when the certificate is renewed.
Yes. Combine Expired status change alerts with custom post-expiry thresholds (e.g., 1 day after expiry, 3 days after, 7 days after) to create a complete post-expiry monitoring trail. This is particularly valuable for compliance requirements where you need to document how long a certificate was expired and track the remediation timeline.

Monitor Your SSL Certificate Lifecycle

Enable status change alerts and get confirmation when renewals succeed, not just warnings when they fail.