Managing domains
How to add, configure, and troubleshoot the domains CertShield monitors on your behalf.
Domains are the unit of monitoring in CertShield. You add a hostname, we handle everything that happens to certificates issued for it.
Adding a domain
From the Domains page, click Add Domain. Enter the hostname as a bare domain — no https://, no path. For example: example.com, not https://example.com/login.
Scan subdomains
Leave Scan subdomains checked (the default) if you want CertShield to also pick up certificates issued for things like api.example.com, mail.example.com, and www.example.com. This is usually what you want. If you uncheck it, CertShield will only track the exact hostname you typed.
Authorized certificate authorities (optional)
You can restrict which Certificate Authorities are allowed to issue certificates for your domain. If any other CA issues a cert — something that should never happen if you haven’t changed providers — you’ll get an alert immediately. This is one of CertShield’s strongest defenses against compromise and mis-issuance.
You can pick from well-known CAs (Let’s Encrypt, DigiCert, Sectigo, and so on) or type in a pattern. Leave it empty if you’re not sure; you can come back later.
Triggering a manual scan
Each domain has a Scan now button. This forces a fresh check outside the normal schedule — useful after you’ve rotated a certificate and want to confirm the new one shows up right away.
There’s a short cooldown between manual scans so you don’t accidentally hammer the button. The button shows the countdown. Your plan also caps how many manual scans you can run per hour; see Plans & pricing.
Scan priority
On Pro and Business plans, you can mark individual domains as high or critical priority. Higher priority means we check the live endpoints more often — as often as every 15 minutes on Business. Use this for your most important customer-facing domains.
On Hobbyist and Startup plans, all domains are checked on the standard hourly schedule.
Deleting a domain
Deleting a domain is a hard delete. Everything CertShield knows about it goes away: the discovered certificates, the scan history, the endpoints, and any alert rules specific to that domain. You’ll see a confirmation dialog that spells this out before anything is removed.
If you want to stop monitoring without losing history, consider archiving individual endpoints instead (see Endpoints).
Plan limits
Each plan has a cap on how many endpoints you can monitor, not how many domains. A single domain with several live endpoints serving it counts as several endpoints against your plan. You’ll see your current usage on both the Domains page and the Billing page.
If you hit your limit, the Add Domain button is disabled and the banner tells you how to make room — either archive some endpoints or upgrade your plan.