How to Monitor SSL Certificate Expiry with n8n (Before It Costs You)

An expired SSL certificate is one of those things that shouldn’t happen — but does, constantly. One day your site is fine, the next your visitors are staring at a browser warning that says “Your connection is not private.” Google drops your rankings. Customers bounce. And you’re scrambling to figure out why nobody told you the cert was expiring.

I’ve seen it happen to agencies, SaaS companies, and solo developers alike. The fix is simple: don’t rely on memory. Automate it.

Why SSL Monitoring Matters

Let’s be clear about what’s at stake when a certificate expires:

• SEO damage — Google penalises sites serving expired certificates. Rankings can drop within hours.
• Lost revenue — Chrome, Firefox, and Safari all show scary warnings. Most visitors will hit “Back” immediately.
• Trust erosion — If your site can’t keep its own certificates current, what does that say about how you handle customer data?
• Downtime cascading — APIs behind expired certs will fail, breaking integrations, webhooks, and payment flows downstream.

The irony is that SSL certificates are designed to auto-renew. But auto-renewal fails more often than you’d think — DNS changes, hosting migrations, misconfigured ACME clients, or simply a provider that quietly stopped renewing.

The n8n Approach

Rather than installing yet another monitoring tool, you can build this directly in n8n. The workflow checks your domains on a schedule, reads the certificate expiry date, and alerts you via Slack (or email, or Telegram — whatever you prefer) when a cert is within 30 days of expiring.

Here’s the logic:

1. Schedule Trigger — Runs once daily (no need to hammer it more than that)
2. HTTP Request — Hits each domain to read the SSL certificate details
3. IF Node — Checks if the expiry date is within your threshold (30 days is sensible)
4. Slack/Email — Sends an alert with the domain name and days remaining

The whole thing takes about 10 minutes to set up and costs nothing to run.

What the Workflow Looks Like

The core of the workflow is an HTTP request that connects to your domain on port 443 and reads the certificate metadata. n8n’s HTTP Request node can extract response headers, and combined with a Function node, you can parse the valid_to date from the certificate chain.

For multiple domains, you use a Split In Batches approach — feed in a list of domains from a Google Sheet or a simple array, and the workflow iterates through each one, checking expiry dates and collecting any that are approaching their deadline.

The IF node then filters: if daysRemaining < 30, it routes to your alert channel. Everything else gets logged silently.

Real-World Benefits

At Quartalis, we monitor over a dozen domains and subdomains across multiple projects. Before automating this, we had a near-miss where a staging environment cert expired and broke a webhook chain that fed into a production pipeline. The fix took 5 minutes. Finding the cause took 2 hours.

Since setting up automated monitoring:

• Zero expired certificates across all domains
• Average alert lead time of 28 days before expiry
• No manual checking — the workflow runs silently until something needs attention

Beyond Basic Monitoring

Once you have the SSL check running, it’s easy to extend:

• Add uptime monitoring — Check HTTP status codes in the same workflow
• Monitor response times — Log how long each domain takes to respond
• Track certificate authority changes — Get alerted if a cert is issued by a different CA than expected (potential security concern)
• Weekly summary — Send a Monday morning report showing all domains and their cert status

Get the Ready-Made Template

If you want to skip the setup and import a tested, production-ready version directly into your n8n instance, we sell a pre-built SSL Certificate Expiry Monitor template for £19. It includes the workflow JSON, full documentation, and covers multi-domain monitoring out of the box.

Or if your monitoring needs are more complex — custom alerting rules, integration with PagerDuty or OpsGenie, multi-team routing — get in touch and we’ll build something bespoke.

Wrapping Up

SSL monitoring is one of those automations that pays for itself the first time it catches something. It takes minutes to set up, runs silently in the background, and the one time it fires an alert, you’ll be glad it’s there.

The broader point is this: if you’re running any kind of infrastructure — even a single website — the things that break aren’t the things you’re watching. They’re the things you forgot to watch. Automate the boring checks so you can focus on building.