Live · Hourly checks · From $9/month

Never miss another
cert about to expire.

Tidelock watches your TLS certificates from outside your stack, runs hourly checks, and emails you 30, 14, 7, 3, and 1 day before any of them expire — so you never hear about an expired cert from a customer first.

View pricing How it works

Hourly checks Email alerts Cancel anytime

api.stripe.com

Valid · 84 days remaining

legacy.internal

Renewal due in 6 days

tidelock — live monitor

MONITORING · 12 DOMAINS

Common Name

*.yourcompany.com

Issuer

Let's Encrypt R3

Signature

SHA-256 · ECDSA

Status

● Healthy

Validity window 60 of 90 days remaining

— Built for teams who can't afford a Sunday-night incident —

90 days

Standard cert lifetime

47 days

Where it's heading by 2027

~4×

As many renewals to track

1 subdomain

Is all it takes to break trust

What it does

Nothing more than needed.
Everything you'd miss.

Tidelock does one thing: watches your certificates and warns you before they expire. No agents to install, no pipeline to rewire, no dashboard you'll never open.

Every certificate, every deadline, one view.

Add the certificates you watch. We put them on a single timeline — what's healthy, what's near renewal, what's already on fire.

api.yourco.com

76d

cdn.yourco.com

62d

staging.yourco.com

mail.yourco.com

A nudge before it breaks.

Email reminders at 30, 14, 7, 3, and 1 day before expiry — and the moment a cert goes expired or unreachable. Tweak the thresholds per account or per cert.

Email Slack — soon Discord — soon Webhook — soon

Watched from outside your stack.

Tidelock checks from the public internet — the same way your customers do. When an ACME client silently fails or a vendor quietly swaps a cert, we tell you before a customer screenshots the warning.

Customise the noise floor.

Sensible defaults out of the box — warnings at 30, 14, 7, 3, and 1 day before expiry, plus expired and unreachable alerts. Tighten or loosen each threshold per account, or override on a single cert.

Notification rules

Email · active

at 30, 14, 7, 3, 1 days

on expired or unreachable

on renewal (opt-in)

Slack, Discord, and webhook delivery are on the roadmap.

Public proof

Show, don't tell.
In one line of HTML.

Every monitor publishes its certificate status as a live SVG. Drop it in your footer, your docs, or your README — and let visitors see there's someone watching.

Same monitor, two themes — and the colour follows the cert

Embed

<a href="https://www.tidelock.dev">
  <img src="…/badge/k8f2x9a.svg">
</a>

Pulled live · 5-minute cache
Light and dark themes
An SVG. No JS, no cookies.

How it works

Three minutes to
zero surprise expiries.

01 — Add a certificate

Add the certs you watch.

Drop in a hostname. No DNS changes, no API keys, no agents — just the cert you want watched.

02 — Choose thresholds

Tell us when to speak up.

Email reminders at 30, 14, 7, 3, and 1 day before expiry. Tighten or loosen the thresholds — or take the defaults and never think about it.

03 — Forget

Go back to shipping.

Checks run hourly. You only hear from us when something needs you.

You've read this postmortem before.

A wildcard nobody owned. Four hours of checkout down. The Slack channel existed. The runbook existed. The alert didn't.

— Tidelock is the alert.

Pricing

No surprises.
Including in the price.

Pick a plan, add a hostname, and the first check runs within minutes. Monthly billing, no contracts, cancel anytime.

Solo

For your side projects and a couple of personal domains.

$9 / month

Start with Solo

5 monitored certificates
Hourly checks
Email alerts
Customisable thresholds
1-year check history

Pro

Recommended

For builders running real production.

$49 / month

Start with Pro

50 monitored certificates
Hourly checks
Email alerts (Slack, Discord, webhooks soon)
Customisable thresholds
1-year check history

Scale

When 50 monitors stops being enough.

$149 / month

Start with Scale

300 monitored certificates
Everything in Pro
1-year check history
Priority support

Enterprise

When 'unlimited' belongs in the contract.

Custom

Talk to us

Unlimited certificates
Custom retention
SLA · dedicated support
Internal CA monitoring (on request)

— Just need a quick check —

Free SSL checker DNS propagation

Answers

Questions, anticipated.

What exactly does Tidelock do?

One thing, well. You add certificates to watch by hostname. We open a fresh TLS connection on an hourly cadence, parse the certificate, and email you 30, 14, 7, 3, and 1 day before expiry — plus the moment a cert goes expired or unreachable. No agents. No pipeline integration. Slack, Discord, and webhook delivery are on the roadmap; internal CA monitoring is part of bespoke Enterprise builds.

Isn't this what my ACME client already does?

Your ACME client renews the certificates it knows about. Tidelock watches the certs you tell it to, from outside that system — including the vendor-issued cert on your marketing site or the subdomain someone forgot was on autorenew. When an ACME client silently fails, you want something outside the system to notice.

Does it work with internal or self-signed certificates?

Not on the self-serve plans — Tidelock watches certificates reachable on the public internet. Internal CA and self-signed cert monitoring is part of bespoke Enterprise builds; reach out if that's a blocker.

How quickly can I start monitoring?

Pick a plan, add a hostname, and the first check runs within minutes. Monthly billing, no contracts, cancel anytime — and if Solo or Pro stops fitting, swap plans without re-onboarding anything.

Stop finding out
from your customers.

Add the certificates you watch, set your reminder thresholds, and go back to shipping. Plans start at $9/month — cancel anytime.

View pricing Talk to us