SSL monitoring built into every checkNot a separate product — built in
Every HTTP and browser check inspects the TLS certificate and emits full details as OTel span attributes. Expiry alerts, chain validation, and timing breakdown — zero additional configuration.
# Emitted on every HTTPS check
synthetics.tls.valid true
synthetics.tls.expiry_days 42
synthetics.tls.valid_from 2025-11-15T00:00:00Z
synthetics.tls.valid_to 2026-05-15T00:00:00Z
synthetics.tls.issuer_cn Let's Encrypt Authority X3
synthetics.tls.subject_cn api.example.com
synthetics.tls.fingerprint_sha256 a1b2c3d4...
synthetics.tls.chain_valid true
synthetics.tls.self_signed false
synthetics.tls.handshake_duration 45How it works
HTTP or browser check runs
Any HTTPS check automatically triggers TLS inspection. No extra configuration, no separate certificate monitoring check to maintain.
TLS handshake inspected
Certificate validity, expiry date, issuer chain, fingerprint, self-signed detection, and handshake duration captured.
Details emitted as span attributes
All TLS details emitted as OTel span attributes alongside the regular HTTP check telemetry — in the same span.
Alert on expiry threshold
Configure your alert threshold — be notified at 30 days, 14 days, or 7 days before expiry. Not at zero.
Expiry alerts before the user sees it
Alert configurable days before expiry. Not at zero days — before the certificate becomes a user-facing problem. Configure multiple thresholds: a warning at 30 days, a paging alert at 7 days.
Because SSL inspection is built into every check — not a separate monitoring target — your certificate alert fires from the same check that monitors your endpoint's health. One monitor, complete coverage.
Full chain validation
Not just expiry date. Issuer chain, self-signed detection, and fingerprint inspected on every check run. Know if a certificate was rotated with an incomplete chain before a browser flags it.
Fingerprint changes are surfaced in OTel spans — useful for detecting unexpected certificate rotations or potential certificate substitution.
TLS timing in OTel
TLS handshake duration emitted as an OTel metric on every check run, anomaly-scored against a 14-day rolling baseline. Slow TLS handshakes show up as performance anomalies in your backend — not just as a vague "slow response" that requires manual diagnosis.
When your TLS handshake starts taking 3× longer after a server configuration change, the anomaly fires before users notice the performance degradation.
Unlike standalone SSL monitoring tools
Most SSL monitoring is a separate product with a separate dashboard and a separate alert pipeline. Yorker SSL intelligence is built into every check — zero additional setup, no second monitoring tool to manage.
TLS details are emitted as OTel span attributes. Your ClickHouse or Grafana dashboard already has the certificate data alongside your other telemetry — without any additional configuration.
Anomaly detection on TLS handshake duration means you catch performance regressions in your TLS stack before expiry becomes the concern.
Close your observability blind spot
Free tier includes 10,000 HTTP checks and 1,500 browser checks per month. No credit card required.
npx yorker init