Skip to content

NEW Free · PagerDuty Events API v2 · Unlimited domains

PagerDuty SSL Certificate Alerts

Route SSL certificate expiry crossings into PagerDuty using the Events API v2 — so escalation policies, on-call rotations, and incident workflows pick them up automatically. Five-minute setup, unlimited domains, configurable 30 / 7 / 1-day reminder windows.

Open Certimon Dashboard See the setup steps

Why route SSL expiry alerts into PagerDuty

Email and chat-channel reminders work for routine renewals — but a checkout endpoint or auth API certificate about to expire is an incident. It needs to wake the right on-call engineer through the same escalation policy that handles a 5xx spike or a database outage, not sit unread in a shared inbox.

Certimon delivers to PagerDuty through the official Events API v2 — the supported, current integration path. Incidents carry the domain, days until expiry, certificate issuer, the triggering reminder window, and a stable dedup key so renewals auto-resolve the matching incident.

Pair the PagerDuty destination with Microsoft Teams or Telegram delivery in the same alerting rule so the same expiry crossing reaches the on-call rotation and the team channel — without configuring two separate monitors.

Setup: PagerDuty SSL alerts in five steps

All of the PagerDuty-side work happens inside the service's Integrations tab. No extra app install, no admin consent dialog.

  1. 1

    Open or create the target PagerDuty service

    In PagerDuty, go to Services → Service Directory. Open the service that should receive the SSL alerts (e.g. SSL Certificates) or click New Service to create one.

    When creating a new service, attach the escalation policy that should fire — typically the same one your platform or SRE rotation already uses.

  2. 2

    Add an Events API v2 integration

    Open the service's Integrations tab and click Add an integration. Search for Events API v2, select it, name the integration something recognisable like Certimon SSL alerts, and save.

    This is the current supported integration type. Avoid Events API v1 — it's deprecated and lacks per-event severity and dedup-key support.

  3. 3

    Copy the integration key (and treat it as a secret)

    PagerDuty shows a 32-character key — also called a routing key — that looks like:

    R0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Anyone with this key can create incidents on the service, so store it like an API key. You can rotate it later by deleting and re-adding the integration on the same service.

  4. 4

    Add the destination in Certimon

    Open the Certimon dashboard at app.certimon.com and go to Alerting → Destinations → New destination.

    Channel type: PagerDuty

    Name: something searchable, e.g. SSL Certificates service

    Integration key: paste the value from step 3

    Save. Use the Send test event button to confirm an incident appears in the service and the escalation policy notifies the right person.

  5. 5

    Bind the destination to an alerting rule and attach domains

    Create or edit an alerting rule under Alerting → Rules. Bind the PagerDuty destination with one or more reminder windows — common choices are 30, 7, 1 days. The same rule can also include a Microsoft Teams or Telegram destination.

    Attach the rule to the domains you want monitored from the Domains list. From that point, every threshold crossing triggers (or auto-resolves) the matching PagerDuty incident.

Best practices for PagerDuty SSL alerts

A few conventions that keep PagerDuty useful instead of noisy.

Use one service per blast radius

Create one PagerDuty service per environment or per customer-facing tier (e.g. SSL Certificates — Production, SSL Certificates — Staging) instead of one giant service. Escalation policies and noise budgets can then differ per tier.

Layer reminder windows, not severities

Bind 30, 7, 1 day windows. Certimon escalates severity automatically (info → warning → critical) so escalation policies fire only when needed — without you maintaining three rules.

Let renewals auto-resolve

Certimon sends a resolve event for the same dedup key when the certificate is renewed. Don't manually resolve incidents — the next successful check will close them and keep your MTTR metrics honest.

Mirror to a chat channel for context

Bind the same rule to a Microsoft Teams or Telegram destination. The PagerDuty incident wakes the on-call engineer; the channel message gives the rest of the team enough context to help without opening PagerDuty.

Test before you trust it

Always use Send test event after creating the destination, and again after rotating the integration key — confirm the escalation policy actually pages the right person.

Document the key owner

Note the PagerDuty service and integration owner in the Certimon destination name (e.g. "SSL Certs — owned by platform"). When ownership moves teams, rotate the key as part of the handover.

Events API v2 vs the deprecated v1 path

PagerDuty's older Events API v1 endpoint is still reachable but officially deprecated. Certimon only supports the current Events API v2 integration path, which is required for severity-aware routing and clean dedup.

Events API v2
(used by Certimon)		 Events API v1
(deprecated)
Recommended by PagerDuty✅ Yes❌ Deprecated
Per-event severity✅ info / warning / error / critical❌ Service-level only
Trigger / acknowledge / resolve✅ Full lifecyclePartial
Dedup key (auto-resolve renewals)✅ YesLimited
Setup locationService → Integrations → Events API v2Service → Integrations → Events API v1

FAQ — PagerDuty SSL alerts

How do I send SSL certificate expiry alerts to PagerDuty?

Create an Events API v2 integration on a PagerDuty service, copy the 32-character integration key, then add it as a PagerDuty destination in the Certimon dashboard at app.certimon.com. Bind it to an alerting rule and attach the rule to the domains you want monitored.

Does Certimon use the legacy Events API v1?

No. Certimon uses the current Events API v2, which supports per-event severity, the trigger / acknowledge / resolve lifecycle, custom payloads, and dedup keys for clean auto-resolution.

Is sending SSL alerts to PagerDuty free?

Certimon is free with unlimited domains and unlimited reminder windows. PagerDuty itself is per-seat; Events API v2 integrations are included with any paid PagerDuty plan.

Can I route different domains to different PagerDuty services?

Yes. Create one PagerDuty destination per integration key (i.e. per service) and separate alerting rules per group of domains. The same rule can also fan out to Microsoft Teams or Telegram so the same expiry event reaches multiple teams.

What severity do Certimon incidents use?

Certimon maps the reminder window to PagerDuty severity: 30-day windows trigger as info or warning, 7-day windows as warning, and ≤1-day or already-expired certificates as critical — so escalation policies fire only when it really matters.

Do incidents auto-resolve when a certificate is renewed?

Yes. Certimon sends a resolve event for the same dedup key when the next check sees a renewed certificate past the threshold, so the PagerDuty incident closes automatically without manual cleanup — and your MTTR metrics stay honest.

How do I rotate or revoke the PagerDuty integration key?

Open the PagerDuty service's Integrations tab and either generate a new Events API v2 integration or remove the existing one. Paste the new key into the matching destination in the Certimon dashboard. To revoke entirely, delete the integration — Certimon will mark the destination as failing on the next send.

Related guides

Microsoft Teams SSL certificate alerts

Bind alongside PagerDuty so the on-call gets paged and the team channel gets the context card.

Telegram SSL certificate alerts

Mirror critical PagerDuty incidents to a personal Telegram channel for ultra-low-latency push.

Free SSL certificate monitoring

Unlimited domains, free forever — the full pricing & limits overview.

Datadog SSL monitoring alternative

When a focused, free SSL-expiry-to-PagerDuty alert is enough — and when it isn't.

Page your on-call when SSL is about to expire — for free

Add the Events API v2 integration, paste the key into Certimon, attach it to your domains — and let your escalation policy do the rest.

Open the Certimon dashboard