New AI Incident Response, Multi-Region Agents, and Custom-Domain Status Pages — May 2026
Monitor Features overview Vendor status Uptime & synthetic checks Certificate lifecycle Operate Incident management Live demo
By goal Replace your stack Why ServiceAlert By signal Reliability hub   · Uptime rankings   · SLA compliance Outage map
Services
Check & scan SSL security grader Status checker DNS lookup Response time WHOIS lookup Calculators SLA calculator Downtime calculator Embed Status badges All tools →
Pricing
Guides Help center Uptime monitoring RUM & analytics Teams & shared monitors Developer API reference Status badges Learn Blog Outage reports FAQ Changelog
Dashboard
Certificate Lifecycle Management

Discover every cert, grade every chain, prove every audit.

SSL Labs-style A+ to F grading, CT-log auto-discovery for shadow certs, policy enforcement, OCSP/CRL revocation alerts, and audit-ready PCI / SOC 2 / NIST reports. The full Keyfactor / Venafi feature set without the six-figure quote.

Start free Try the free SSL check
A+ → F
SSL Labs grading
5
Compliance templates
40+
CAs in CAA mapping
$249
Flat / month
Three pillars

Every certificate, every chain, every control

One CLM surface that discovers what you didn’t know existed, grades what you did, and proves the whole estate to auditors.

Discovery

CT-log sweep via CertSpotter and crt.sh finds every cert ever issued for your domain — including the ones a contractor stood up four years ago and forgot.

Grading

SSL Labs-style A+ to F across protocol (30%), key exchange (30%), and cipher strength (40%). Heartbleed, POODLE, BEAST, CRIME, downgrade prevention all checked.

Compliance

Audit-ready PDFs for PCI-DSS 4.0, SOC 2 CC7.1, and NIST SP 800-52 Rev 2 with per-control findings, evidence, and historical trending.

Grading

Qualys SSL Labs — integrated, automated, alerted

The same grading methodology trusted by security teams since 2009, running on every monitored cert, every check interval, with alerts the moment a grade slips.

Letter grades, weighted scores, vulnerability checks

A+ when the chain is clean and the cipher posture is strong. F when something needs to be fixed before the next audit. Drop-glance the entire estate in a single dashboard, drill into per-cert detail when something flips.

  • Letter grades A+ through F, weighted across protocol / key exchange / cipher
  • Tests SSL 2/3, TLS 1.0-1.3 with full cipher-suite enumeration, FS / AEAD tagging
  • Heartbleed, POODLE, CRIME, BEAST, secure renegotiation, downgrade prevention
  • HSTS preload validation against Google’s official preload list
  • CAA policy validation across 40+ CAs — flag rogue issuers automatically
  • Free public scan at /tools/ssl-check, no account required
SSL security report
A+
example.comScore 96 / 100 · renewed 14 d ago
Protocol100
Key exchange100
Cipher90
TLS 1.3 supported · HSTS preload enabled · not vulnerable to Heartbleed
Discovery & governance

Find the certs you don’t know about. Govern the rest.

Most cert inventories are wrong by 20-30% because nobody tracks what shadow IT spun up two years ago. CT-log discovery fixes that on day one.

CT-log discovery + ownership + policy

One sweep through Certificate Transparency logs surfaces every cert ever issued for your domain. One-click adoption brings them under monitoring. Then assign owners, define org-wide policies, and let unacknowledged alerts auto-escalate.

  • Auto-discovery via CertSpotter and crt.sh — one-click adoption into monitoring
  • Primary, secondary, team-lead owners per cert. 4-hour escalation chain
  • 5 prebuilt policy templates: PCI-DSS, NIST 800-52, Zero Trust, LE Best Practices, SOC 2
  • CA-aware renewal forecasting (LE 90d, DigiCert annual, ACM 60d) with iCal export
  • Multi-environment scanning across every IP behind the domain — CDN, edge, LB diff
  • Custom metadata tags + side-by-side diff on every change (fingerprint, issuer, SAN)
CT discovery · *.acme.com
api.acme.comLet’s Encryptmonitored
auth.acme.comDigiCertmonitored
legacy.acme.comGoDaddyunowned
staging-old.acme.comLet’s Encryptunowned
shop.acme.devLet’s Encryptexpired
3 unowned certs found via CT log sweep · adopt all
Posture

One score, seven factors, the whole estate

Roll the entire certificate inventory up into a single 0-100 Cryptographic Posture Score. Track it weekly, share it with the board, watch it climb as findings get cleared.

Audit-ready PCI / SOC 2 / NIST reports

Generate PDF compliance evidence in one click. Each report includes per-control findings, supporting evidence, remediation recommendations, and historical trending so auditors see the trajectory, not just the snapshot.

  • Cryptographic Posture Score weighted across 7 factors — grade, expiry, protocol, chain, policy, ownership, revocation
  • OCSP/CRL revocation alerts — OCSP responder, OCSP stapling, CRL fallback
  • CA risk monitoring — alerts on browser-trust events (Entrust 2024, Symantec 2017)
  • TLS 1.3 enforcement reporting with NIST SP 800-52 Rev 2 / PCI-DSS 4.0 mapping
  • CT-log monitoring for rogue or unauthorized certs issued for your domains
  • Audit-ready PDFs for PCI-DSS 4.0, SOC 2 CC7.1, NIST SP 800-52 Rev 2
Cryptographic posture
87
Grade A42 certificates evaluated
Grade health92
Expiry health88
Protocol80
Chain integrity100
Policy75
PCI / SOC 2 / NIST PDF exports available
Bonus

Auto-issued Let’s Encrypt for your custom-domain status page

Want to host your status page at status.acme.com? We handle TXT verification, CNAME routing, and ACME issuance + renewal automatically. Atlassian charges $79/mo extra for the same thing.

From DNS verify to live cert in under 10 minutes

Add the TXT record to prove ownership, point CNAME at our edge, and our ACME automation issues the cert and keeps it renewed forever. No DNS-01 dance, no certbot config, no “forgot to renew” outage at 3am.

  • TXT verification via DoH — no waiting on local resolver propagation
  • HTTP-01 challenge over our nginx /.well-known/acme-challenge/ carve-out
  • Auto-renewal — we watch the 30-day window and reissue automatically
  • Included on every paid plan, no per-domain surcharge
status.acme.com setup
TXT verify _servicealert2 m
CNAME → edge.servicealert.ai1 m
ACME HTTP-01 challenge8 s
Cert issued — valid 90 djust now
Auto-renewal scheduled (60 d)queued
Live at https://status.acme.com · test it

Replace Keyfactor / Venafi for the cost of a single dinner.

Free tier covers 10 monitors. Business at $249/mo flat (unlimited users) covers the full CLM surface, including audit-ready compliance reports.

Start free Run a free SSL scan