starred/uptime-kuma

Fork 0

mirror of https://github.com/louislam/uptime-kuma.git synced 2026-03-02 22:57:00 -05:00

Per service TLS Certificate Expiry warning thresholds #2240

New issue

Open

opened 2026-02-28 02:47:41 -05:00 by deekerman · 3 comments

deekerman commented

2026-02-28 02:47:41 -05:00

Owner

Originally created by @lets-git-going on GitHub (Jun 8, 2023).

⚠️ Please verify that this feature request has NOT been suggested before.

I checked and didn't find similar feature request

🏷️ Feature Request Type

New Notification, New Monitor, UI Feature

🔖 Feature description

(This is different from request #3028)

I understand that we can set TLS Certificate Expiry thresholds in the global settings, but we have a need to monitor different hosts with different thresholds.

For example:

websites on CPanel hosted services automatically renew their certificates with around 15 days to go and you cannot override that setting. I'd want an alert if we hit 10 days for those type of websites
Self hosted websites with self-managed certificates renew when I renew them. For those, I'd want to know when there is 45 or fewer days left in case I forgot to renew
Sites hosted with Let's Encrypt certificates (90 day validity) at another host, auto renew every 10 days, so if there's fewer than say 60 days left, I'd want an alert to let me know that auto-renewal failed to give me ample time to fix it.

✔️ Solution

It would be quite helpful to be able to be able to override the system-wide TLS expiration notification threshold days per host.

❓ Alternatives

No response

📝 Additional Context

Originally created by @lets-git-going on GitHub (Jun 8, 2023). ### ⚠️ Please verify that this feature request has NOT been suggested before. - [X] I checked and didn't find similar feature request ### 🏷️ Feature Request Type New Notification, New Monitor, UI Feature ### 🔖 Feature description (This is different from request #3028) I understand that we can set TLS Certificate Expiry thresholds in the global settings, but we have a need to monitor different hosts with different thresholds. For example: - websites on CPanel hosted services automatically renew their certificates with around 15 days to go and you cannot override that setting. I'd want an alert if we hit 10 days for those type of websites - Self hosted websites with self-managed certificates renew when I renew them. For those, I'd want to know when there is 45 or fewer days left in case I forgot to renew - Sites hosted with Let's Encrypt certificates (90 day validity) at another host, auto renew every 10 days, so if there's fewer than say 60 days left, I'd want an alert to let me know that auto-renewal failed to give me ample time to fix it. ### ✔️ Solution It would be quite helpful to be able to be able to override the system-wide TLS expiration notification threshold days per host. ### ❓ Alternatives _No response_ ### 📝 Additional Context ![image](https://github.com/louislam/uptime-kuma/assets/136001276/0be18e24-8d59-480b-835d-f6cef0b7fc78)

deekerman added the

feature-request

A:monitor

A:cert-expiry

labels

2026-02-28 02:47:41 -05:00

deekerman commented

2026-02-28 02:47:43 -05:00

Author

Owner

@CommanderStorm commented on GitHub (Jun 9, 2023):

I think this just adds extra unnecessary complexity.

Cert-Expiry is something that should never happen, as this process should be automated.
Why would such a feature be helpful instead of setting your notifications to min(expirty_time_all_services)
10 days seems quite a reasonable timeframe imo..

@CommanderStorm commented on GitHub (Jun 9, 2023): I think this just adds extra unnecessary complexity. Cert-Expiry is something that should never happen, as this process should be automated. Why would such a feature be helpful instead of setting your notifications to `min(expirty_time_all_services)` 10 days seems quite a reasonable timeframe imo..

deekerman commented

2026-02-28 02:47:47 -05:00

Author

Owner

@lets-git-going commented on GitHub (Jun 9, 2023):

Hi @CommanderStorm
I agree that 10 days is reasonable for many services, especially those with auto-renewing certificates through something like cPanel. In fact, alerting much before that will trigger lots of false alarms as cPanel doesn't renew until there is 15 days left.

However, there are plenty of other services where certificates don't auto renew, say VPN over HTTPS services, self-managed services that use non-auto renewing certificates (say like EV validated ones that require a bunch of manual interaction), webmail server ssl, etc. For those, we have processes in place to make sure that their typically annual renewals are done well ahead of expiration. If we drop the ball on a renewal, it's not installed correctly, someone doesn't do it, but marks it as done, etc, uptime kuma could report on it before 10 days to go is we could configure per host thresholds.

The other example I tried to explain is a self-managed automatic renewal that runs for certificates from a provider like Let's Encrypt. The often run with 30 or more days left on the 90 day certificate. If something breaks there and renewals aren't working, it would be good to know before there's only 10 days left to provide ample time to resolve whatever the issue is.

I am absolutely not suggesting that every host must be configured manually, rather that there's an option to either use some global threshold OR to ignore that threshold and use a custom one where appropriate.

I hope that helps to better explain my thinking.

@lets-git-going commented on GitHub (Jun 9, 2023): Hi @CommanderStorm I agree that 10 days is reasonable for many services, especially those with auto-renewing certificates through something like cPanel. In fact, alerting much before that will trigger lots of false alarms as cPanel doesn't renew until there is 15 days left. However, there are plenty of other services where certificates don't auto renew, say VPN over HTTPS services, self-managed services that use non-auto renewing certificates (say like EV validated ones that require a bunch of manual interaction), webmail server ssl, etc. For those, we have processes in place to make sure that their typically annual renewals are done well ahead of expiration. If we drop the ball on a renewal, it's not installed correctly, someone doesn't do it, but marks it as done, etc, uptime kuma could report on it before 10 days to go is we could configure per host thresholds. The other example I tried to explain is a self-managed automatic renewal that runs for certificates from a provider like Let's Encrypt. The often run with 30 or more days left on the 90 day certificate. If something breaks there and renewals aren't working, it would be good to know before there's only 10 days left to provide ample time to resolve whatever the issue is. I am absolutely not suggesting that every host must be configured manually, rather that there's an option to either use some global threshold OR to ignore that threshold and use a custom one where appropriate. I hope that helps to better explain my thinking.

deekerman commented

2026-02-28 02:47:47 -05:00

Author

Owner

@imne commented on GitHub (Jul 31, 2023):

this would be a great addition, we have this use case in our org where currently we just use another system to issue out reminders, if this could be added within uptime kuma that would be great

@imne commented on GitHub (Jul 31, 2023): this would be a great addition, we have this use case in our org where currently we just use another system to issue out reminders, if this could be added within uptime kuma that would be great