Skip to main content
Getting Started

Adding your first domain

A step-by-step walkthrough of getting CertShield monitoring your first domain and its certificates.

This is the fastest path to your first useful view in CertShield. It takes about two minutes.

Step 1 — Open the Domains page

From the left navigation, click Domains. You’ll land on an empty list the first time.

Step 2 — Add a hostname

Click Add Domain and enter the hostname you want to monitor. A few things to know:

  • Use the root domain (e.g. example.com), not a URL. No https://, no trailing slash.
  • If you want CertShield to also track certificates on subdomains like api.example.com or mail.example.com, leave Scan subdomains checked. This is the usual choice.
  • You can optionally set authorized certificate authorities at this point — for example, “only Let’s Encrypt may issue certs for this domain.” You can come back and do this later. See Unauthorized issuer alerts.

Click Add. CertShield starts working immediately.

Step 3 — Wait about 30 seconds

Two things happen in parallel:

  1. Certificate Transparency search. CertShield queries public CT logs for every certificate ever issued for your domain (and its subdomains, if you enabled that). This usually returns results in seconds to a minute.
  2. Live endpoint discovery. CertShield connects to the domain over TLS on port 443, retrieves the certificate currently being served, and records the IPs serving it.

You can watch the domain row update in real time — the status badge will cycle through Pending → Scanning → Active as each stage finishes.

Step 4 — See what CertShield found

Once the initial scan completes, head to:

  • Certificates — every certificate discovered for your domain, with issuer, subject, and expiry. This is often the first time teams see their full certificate inventory in one place.
  • Endpoints — every live endpoint CertShield was able to reach, with the certificate it’s currently serving and when it expires.
  • Dashboard — the at-a-glance health overview.

Step 5 — Turn on alerts

The last step is telling CertShield how you want to hear about problems. On the Alerts page, confirm the default alert rules are enabled and that your email address is receiving them. If you’re on a plan that supports Slack, you can add that as a second channel.

See Alert rules & channels for the details.

That’s it

You now have:

  • A full certificate inventory for your domain, historical and current.
  • Live endpoint health checks running on a schedule.
  • Email alerts for expiry, unauthorized issuers, and revoked certificates.

Add more domains anytime from the same page. Each plan has an endpoint limit — see Plans & pricing for the numbers.

← Back to Help Center Contact support