Skip to main content
Alerts

Alert rules & channels

How to configure what CertShield notifies you about and where the notifications land.

Alerts are how CertShield turns discoveries into actions. Everything lives on the Alerts page, under the Alert Settings tab.

The five alert categories

CertShield ships with five built-in categories. You can enable or disable each one independently.

1. Endpoint Health

Fires when one of your live endpoints stops being healthy — expiring soon, install error, revoked, unreachable, or any other non-green state. This is the alert you care about most.

You can customize the expiry warning thresholds. By default, CertShield alerts at 30, 14, 7, and 1 days before expiry; you can toggle any of those off if you want less noise or a different schedule.

2. Endpoint Recovery

Fires when an endpoint that was previously unhealthy returns to healthy. Useful so you know a fix worked and can close the ticket.

3. Unauthorized Certificates

Fires when a certificate is issued for one of your domains by a Certificate Authority that isn’t on your allow-list for that domain. This is the CT log watchdog. See Unauthorized issuer alerts for how to configure your allow-list.

4. Certificate Changes

Fires when a new certificate shows up for an endpoint you’re monitoring. Good for rotation tracking — every time something renews, you get a confirmation. Some teams disable this to reduce noise once they trust their renewal pipeline.

5. Daily Digest

A once-per-day summary email of everything that happened in the last 24 hours — scans, discoveries, changes, and any alerts that fired. A good option if you want a single daily check-in instead of event-by-event pings.

Channels

Each alert rule has one or more delivery channels:

  • Email is available on every plan. By default, alerts go to the email address on your account. You can add additional recipients per rule.
  • Slack is available on Startup plans and above. Add a Slack webhook from the Settings → Integrations page, then toggle Slack on for each rule you want routed there. See Plans & pricing for which plans include Slack.

If a channel isn’t available on your plan, you’ll see a lock icon next to it. Upgrading turns it on immediately — no reconfiguration.

Testing a rule

Every rule has a Send test button. It delivers a harmless test notification to every channel that’s currently enabled on that rule. Use it after you add a Slack webhook or change your email recipient list to confirm everything still works.

Event history

Switch to the Event History tab to see every alert CertShield has tried to send, with delivery status per channel:

  • Sent — delivered successfully.
  • Failed — delivery was attempted but rejected. Click through for the error detail.
  • Deferred — we had something to send, but Quiet Hours are in effect. The alert is queued and will go out when the quiet window ends.
  • Pending — queued but not yet attempted.

What’s next

← Back to Help Center Contact support