SSL Certificate Expiring (7 Days)

What This Check Does

The SSL Certificate Expiring (7 Days) check is a critical-level alert triggered when your SSL/TLS certificate has fewer than 7 days remaining before it expires. At this threshold, DNS Spy treats the situation as urgent and issues high-priority notifications. This is the final warning before the certificate expires and your site begins serving security errors to visitors.

Why It Matters

Seven days is the critical zone. If your certificate expires, every major browser — Chrome, Firefox, Safari, Edge — will display a full-page warning blocking visitors from proceeding to your site. Search engines may also flag your site as insecure. For e-commerce, SaaS platforms, and any site handling user data, this is a severe incident.

Renewal at this stage requires immediate action. Even automated tools like Certbot need DNS records to validate correctly, and any misconfiguration can cause the automated renewal to fail, leaving you with no time to recover manually.

Good vs. Bad Configuration

Bad Configuration

The certificate for example.com expires in 5 days. Previous alerts were missed. The team is now scrambling to renew during business hours, racing against the clock before visitors start seeing certificate errors.

Good Configuration

Despite reaching the 7-day threshold, the team is aware and has already submitted a renewal request. The new certificate is being staged for deployment. DNS Spy will automatically clear the alert once the renewed certificate is detected.

How DNS Spy Monitors This

DNS Spy issues a critical-priority alert when fewer than 7 days remain on your certificate. Notifications are sent immediately across all configured channels. DNS Spy continues checking on its regular cycle and will resolve the alert automatically once a renewed certificate with a future expiration date is detected on your domain.