Everything Xpiry watches for you

Full handshake inspection on every check.

Certificate chain validation, expiry tracking, TLS version and cipher inspection, OCSP stapling, ALPN, fingerprints, and self-signed detection.

Learn more

Headers, CAA, DNSSEC, CT logs — graded A+ to F.

HSTS, CSP, X-Frame-Options, CAA, DNSSEC, Certificate Transparency, OCSP stapling — combined into a single security grade with explanations.

Learn more

Know the moment a cert changes — and why.

Every check diffs the new cert against the previous one. Rekeys, issuer swaps, SAN drift, weakened crypto, and chain regressions are classified, severity-ranked, and surfaced as alerts with a full audit trail.

Learn more

RDAP-first, WHOIS fallback.

Tracks registrar, registration date, and expiry for every domain you monitor. Subdomains automatically share registration data with their parent so you never duplicate WHOIS lookups.

Learn more

Email, Slack, Teams, Discord, PagerDuty, webhooks.

Six notification channels, configurable per-domain thresholds, smart deduplication, and severity-aware delivery so you only get paged for things that actually matter.

Learn more

Everything you can do in the dashboard, programmatically.

List domains, add and verify them, fetch SSL details, security scans, alerts, alert rules, and check logs. API key auth. Available on Pro and Agency.

Learn more

Manage monitoring as code.

The official terraform-provider-xpiry lets you declare domains and alert rules in HCL, with data sources for accounts and individual domains. Perfect for agencies onboarding clients in bulk.

Learn more