SSL monitoring for AWS ACM (Certificate Manager)
ACM auto-renewal works flawlessly until DNS validation fails: someone deletes a validation CNAME, transfers the hosted zone, or moves a domain to Route53 from another provider. ACM stops renewing silently, the existing cert keeps serving for weeks, then it expires. ManageCert hits your public CloudFront / ALB / custom-domain endpoints daily and tells you when renewal cycles stop happening.
The classic AWS ACM failure: you set up DNS validation 18 months ago via a CNAME record. A teammate restructures Route53 and deletes the validation CNAMEs to clean up. ACM silently fails the next renewal. 80 days later, customers hit your CloudFront distribution with an expired cert. ManageCert is the independent observer that catches the broken cycle the day it stops.
Why ManageCert for AWS ACM
Catches DNS-validation renewal failures
ACM's DNS validation is invisible — the failure mode is no notification, just an expired cert weeks later. We hit the public endpoint daily and surface the broken cycle before expiry.
Works across CloudFront / ALB / API Gateway
Any public-facing AWS endpoint served via ACM. Just add the hostname. We do the rest.
No AWS API access needed
We monitor from the outside — port 443 + DNS + WHOIS. No IAM role, no CloudWatch wiring, no AWS account access required. Zero risk to your AWS setup.
SSL, domain expiry, DNS — daily, across all your domains.
SSL certificates
Expiry, issuer, SANs, chain validity, hostname match. Alerts at 30/14/7/1 days, plus immediate if invalid.
Domain registration
RDAP + WHOIS lookups daily. Alerts at 60/30/14/7 days. Catches lapsed-domain → squatter before it happens.
DNS records
A/AAAA/MX/CNAME/TXT/NS snapshot + diff. Catches mid-night MX flips before mail breaks for a week.
SSL monitoring for AWS ACM (Certificate Manager)
Solo $19 · Pro $39 · Agency $99 · Studio $249. 14-day free trial. Annual saves 20%.