Step 01
Deploy the agent
Install the CertWatch container on a VM, Raspberry Pi, Odroid, or any small x86 box on your LAN. HTTPS dashboard on your network; your data never leaves the host unless you choose to export it.
Self-hosted certificate monitoring
CertWatch runs inside your network, watches the certs you care about, and sends alerts while you still have time to renew — not after customers call.
How it works
CertWatch is built for operators who already run Docker and do not want another cloud dashboard holding their inventory hostage.
Step 01
Install the CertWatch container on a VM, Raspberry Pi, Odroid, or any small x86 box on your LAN. HTTPS dashboard on your network; your data never leaves the host unless you choose to export it.
Step 02
Add domains manually, paste PEM certs for offline assets, or run network discovery — auto-detect local subnets, IP ranges, or DNS zones to find TLS services you forgot were there.
Step 03
SMTP alerts at warning and critical thresholds, MSP-style early warnings at 60 and 30 days, monthly status reports, and per-domain test sends so you know email works before expiry day.
Who it is for
Drop a CertWatch instance per client site (or per segment), white-label the experience, and stop finding out about expired certs from the help desk.
Monitor internal apps, dev/staging hosts, and appliances that never made it into your public CA workflow — without opening firewall holes to a SaaS scanner.
Features
CertWatch is the product name for a mature monitoring stack — network scanning, alerting, and a operator-first UI, not a weekend script with a login form.
Scheduled checks, issuer and SAN visibility, days-remaining at a glance, manual check-now when you need it.
Auto-detect local networks, CIDR/range scans, and DNS zone queries with live progress — find TLS before it becomes a ticket.
Warning and critical thresholds, test sends, monthly reports, and MSP early-warning paths — Office 365 and Gmail presets supported.
Single-container deploy, persistent volume for config and history, restart on boot. You control updates and backups.
Password-protected UI, setup wizard, optional custom TLS for internal hostnames and IPs — no blind trust in random SaaS dashboards.
Run under your brand per client. CertWatch is the public name; your clients see your deployment, your alerts, your relationship.
Monitor certificates on air-gapped or non-routable systems by pasting PEM — no live TLS required for inventory.
Light, dark, and system themes. Expandable cert details, renewal hints for major CAs, domain add/remove without SSH.
Aggregate many CertWatch agents into one management view — built for MSPs scaling past one dashboard per site.
Waitlist members get pricing preview and beta access to the multi-site console.
Hardware
If it runs Linux and Docker, it can run CertWatch. Low power, low noise, LAN-local.
Pricing
TBD
We are finalizing per-site and MSP bundle pricing. Join the waitlist for early-access pricing and pilot terms — no commitment required.