SSL monitoring for Heroku apps with custom domains
Heroku Automated Certificate Management (ACM) handles renewal automatically — except when it doesn't, which is often enough that sysadmins have a category for it. ManageCert hits each of your Heroku custom domains daily and alerts you 30/14/7/1 days before expiry, so ACM silence stops being your problem.
Heroku ACM is a black box: when it works it's invisible, when it doesn't it's invisible. The dashboard shows 'SSL active' on a domain whose cert is two days from expiring. ManageCert is the independent observer that hits the actual public cert and tells you what visitors will see.
Why ManageCert for Heroku apps
Hits the actual public cert
We don't trust dashboards. We do a real TLS handshake every day and report the cert that's being served — the only thing your customers see.
Multi-app, multi-domain dashboard
Have 20 Heroku apps with 40 custom domains across them? CSV-import them all. One dashboard, one set of alerts.
Catches DNS-flip ACM failures
ACM renewal needs DNS pointing at Heroku's `herokudns.com` target. If someone touches DNS, the renewal silently breaks. We watch DNS too — you hear the same day.
SSL, domain expiry, DNS — daily, across all your domains.
SSL certificates
Expiry, issuer, SANs, chain validity, hostname match. Alerts at 30/14/7/1 days, plus immediate if invalid.
Domain registration
RDAP + WHOIS lookups daily. Alerts at 60/30/14/7 days. Catches lapsed-domain → squatter before it happens.
DNS records
A/AAAA/MX/CNAME/TXT/NS snapshot + diff. Catches mid-night MX flips before mail breaks for a week.
SSL monitoring for Heroku apps with custom domains
Solo $19 · Pro $39 · Agency $99 · Studio $249. 14-day free trial. Annual saves 20%.