A self-hosted dashboard that monitors every SSL certificate across your infrastructure — public domains, internal services, and hidden subdomains behind your firewall. One-command Docker install. Yours to own.
SSL certificates expire silently. No warning. No dashboard. Just a downed service and an angry client at 2am.
Certificates expire without warning. Your monitoring only catches it once the site is already down — usually when a client calls, not before.
Already too lateInternal middleware, APIs, and admin portals behind your firewall run on SSL certificates too. Public scanners can't see them. You're flying blind on half your infrastructure.
Off the radar entirelyTeams track renewals in shared spreadsheets or rely on calendar reminders. Someone leaves. The spreadsheet goes stale. The cert doesn't know the reminder was deleted.
Breaks when you need it mostFull visibility across your certificate estate. Public and private. Known and discovered.
Connects directly to each host, pulls the live certificate, and extracts issuer, expiry, SANs, key algorithm, fingerprint, and wildcard status. No agents. No plugins.
Sends alerts at 30 days, 7 days, and on expiry via Slack or any webhook. Configure per-channel. Multiple alert channels per plan.
Automatically discovers subdomains via crt.sh Certificate Transparency logs and a concurrent DNS wordlist scan. Runs weekly. Finds what you forgot you deployed.
Point the scanner at your internal nameserver. Attempts a full AXFR zone transfer — dumps your entire internal zone in seconds. Falls back to wordlist if AXFR is refused.
Admin, Editor, and Viewer roles. Admins manage users and settings. Editors add and scan domains. Viewers read everything. User seat count enforced by your plan.
Per-domain renewal status — Pending, In Progress, Renewed, Auto-Renewal, Manual. Add notes, contacts, and action items. Track the full lifecycle, not just the expiry date.
Bulk import your existing domain inventory from a spreadsheet. Export the full estate with cert details, status, and expiry dates for reporting or audit purposes.
Every scan result, renewal status change, and user action is logged with timestamp and actor. Full audit trail per domain. Never lose track of what changed and when.
Three containers — FastAPI backend, React frontend via nginx, PostgreSQL. Runs on any Linux server. One compose file. No cloud account required.
Connect your Cloudflare account via API token. SSL Dashboard fetches your zones and all A-record subdomains, lets you select exactly what to import, and bulk-adds them with a single click.
From bare server to full certificate visibility in one command.
Purchase a plan. You receive a licence key via email. Standard, Pro, or Enterprise — each unlocks different domain and user limits.
One curl command on any Linux server with Docker. The script validates your key, pulls the images, generates secrets, and starts the stack.
Log in to the dashboard. Add domains one by one, bulk import via CSV, or let the subdomain scanner discover them automatically from your zone.
Configure a Slack channel or webhook. Scans run daily. Alerts fire at 30 days, 7 days, and on expiry. You know before your clients do.
Most SSL monitors query public Certificate Transparency logs. If your service isn't publicly registered, they'll never find it. SSL Dashboard can point directly at your internal nameserver — on-prem, behind VPN, or on a private VLAN.
192.168.1.53) in domain settingsImport your entire domain portfolio in seconds. No manual entry required.
If your DNS is on Cloudflare, you already have the full list of your domains and subdomains sitting in their API. SSL Dashboard connects directly to your Cloudflare account, fetches every zone and every A-record, and lets you cherry-pick or bulk-import the lot.
cloudflare automatically so you can filter them laterAnnual licence. Runs on your infrastructure. No monthly SaaS bill. No per-domain charges.
What you get with SSL Dashboard versus the alternatives.
| Feature | SSL Dashboard | CertSpotter | UptimeRobot | Build Your Own |
|---|---|---|---|---|
| Self-hosted — you own the data | ✓ | ✗ | ✗ | ✓ |
| Internal / private domain scanning | ✓ | ✗ | ✗ | Build it |
| AXFR zone transfer discovery | ✓ | ✗ | ✗ | Build it |
| Subdomain discovery built-in | ✓ | ✓ | ✗ | Build it |
| Cloudflare zone import | ✓ | ✗ | ✗ | Build it |
| Renewal workflow tracking | ✓ | ✗ | ✗ | Build it |
| Multi-user RBAC | ✓ | ✗ | ✓ | Build it |
| One-command Docker install | ✓ | ✗ | ✗ | Build it |
| No per-domain pricing | ✓ | ✗ | ✗ | ✓ |
| Annual cost at 50 domains | R990/yr | $240+/yr | $84+/yr | Your time |
Your cert data should live on your server. Not ours.
Most SSL monitoring tools are SaaS dashboards. You hand them a list of your domains. They scan them from their infrastructure, store the results in their database, and charge you monthly — forever — for the privilege.
SSL Dashboard is different. The scanner runs on your server. Your certificate data never leaves your infrastructure. Your internal services — the ones behind your firewall that SaaS tools can never reach — get monitored too.
When you renew next year, you're paying for continued updates and support — not for access to your own data. The data is yours, always.
And because it's self-hosted, it can see what no external tool ever could: your internal middleware, your payment APIs, your ERP system — every certificate on your network, not just the public ones.
One command. Running in minutes. Your infrastructure, your data, your rules.