CrtMgr Blog - SSL/TLS Certificate Management Insights

Expert insights on SSL/TLS certificate management, types, deployment, and best practices

EN PL

How to Add a New Website for Certificate Monitoring in CrtMgr

Published on January 21, 2026 by CrtMgr Team • 6 min read
Tutorial Monitoring SSL CrtMgr Certificate Management

You know that sinking feeling when a client emails you saying their site shows a certificate warning? Or worse — when you find out via a support ticket that your own production API has been returning SSL errors for the past three hours? Both situations have the same root cause: nobody was watching the certificate.

Adding a site to CrtMgr takes under a minute, and once it’s in there, you get automatic expiration tracking, configurable alerts, and a historical record of every scan. This guide walks through the process step by step — from first login to your first alert configured and ready to fire.

If you’re new to certificate monitoring and want to understand the broader landscape (including Prometheus integration and alert workflows), check out the SSL certificate monitoring with Prometheus and Grafana guide for a deeper dive into observability options.

Prerequisites

Before you begin, you’ll need a few things. First, an active CrtMgr account (sign up here if you don’t have one). You’ll also need the domain name or URL of the website you want to monitor, plus appropriate permissions if you’re on a team account.

Step-by-Step Guide

Step 1: Access the Dashboard

Log in to CrtMgr at https://crtmgr.com/en/login. After logging in, you’ll land on your main dashboard showing all currently monitored websites.

Step 2: Add a New Website

Click the “Add Website” button in the top-right corner of the dashboard, or use the “+” icon in the navigation menu.

Enter your website details. For the URL/domain, enter the full domain name like example.com or www.example.com. Include the protocol if monitoring a specific service (e.g., https://api.example.com). Optionally give your website a friendly display name for easier identification, like “Production Website” or “Company Main Site”.

The monitoring port defaults to 443 (HTTPS), but change it if monitoring a service on a different port, such as 8443 for services on custom HTTPS ports.

Configure your monitoring settings. Choose a scan frequency: daily (default and recommended for most websites), every 12 hours for critical production sites, every 6 hours for high-priority services, or weekly for less critical or development sites.

Set alert thresholds based on your renewal workflow. The defaults are 60 days (first warning), 30 days (second warning), and 7 days (final critical warning), but you can customize these.

Step 3: Verify Certificate Detection

After adding the website, wait for the initial scan to complete—typically within 30 seconds. Review the certificate details including issuer (e.g., Let’s Encrypt, DigiCert), expiration date, valid from date, certificate type (DV, OV, EV), and Subject Alternative Names (SANs).

Check for warnings. A self-signed certificate warning is normal for development or internal sites. An expired certificate warning means the certificate is already expired. An “expiring soon” warning indicates the certificate expires within your alert threshold. A valid status means the certificate is valid and not expiring soon.

Step 4: Configure Notifications

Set up how you want to receive alerts. Navigate to Settings → Notifications and choose your notification channels. Email notifications are enabled by default. Dashboard notifications provide in-app alerts. Webhook integration sends alerts to Slack, Teams, or custom endpoints.

Configure email preferences by choosing which alerts to receive, setting quiet hours if needed, and adding multiple email addresses for team notifications.

Step 5: Test the Configuration

Force a manual scan by clicking the “Refresh” icon next to your website and verify that certificate details load correctly. Check the complete certificate chain to ensure all intermediate certificates are valid. Review alert settings to confirm thresholds are appropriate and test notification delivery if available.

Common Use Cases

Monitoring Multiple Subdomains

If you have multiple subdomains like www.example.com, api.example.com, and blog.example.com, add each subdomain separately if they have different certificates, or add the wildcard domain if you use a wildcard certificate. CrtMgr monitors the certificate presented by the server, so different subdomains may show the same certificate if they’re covered by a wildcard or SAN certificate.

Monitoring Development and Staging Sites

For non-production environments, add the site with a descriptive name like “Staging API”, use weekly scan frequency to reduce monitoring overhead, adjust alert thresholds if renewals are less critical, and consider using self-signed certificates for internal testing—CrtMgr will flag them appropriately.

Monitoring Third-Party Services

You can monitor certificates for services you depend on by adding the third-party domain (e.g., api.partner.com), setting appropriate alert thresholds, and getting notified if their certificate expires—useful for API dependencies. Note that you can only monitor publicly accessible endpoints; private or internal services require special configuration.

Advanced Features

Bulk Import

If you have many websites to add, go to Dashboard → Import and upload a CSV file with your domains. Use this format:

domain,name,port,scan_frequency
example.com,Production Site,443,daily
api.example.com,API Server,443,12hours
dev.example.com,Development,443,weekly

Tagging and Organization

Organize your monitored sites with tags. Edit website settings and add tags like production, staging, critical, customer-facing, or internal. Filter by tags in the dashboard for easier management.

Integration with External Monitoring

Connect CrtMgr with your existing monitoring stack using the Prometheus exporter to pull certificate metrics, webhook alerts to send notifications to Slack, PagerDuty, or OpsGenie, or API access to query certificate status programmatically. Visit the CrtMgr API documentation for integration details.

Troubleshooting

Website Not Found

If you see “Unable to connect to website,” verify the domain name is spelled correctly, check that the website is publicly accessible, ensure you’re using the correct port (default 443), and verify firewall rules don’t block CrtMgr’s IP ranges.

Certificate Not Detected

If you see “No certificate found,” confirm the site uses HTTPS (not HTTP), check that the certificate is properly installed, verify the domain resolves correctly with nslookup example.com, and try scanning with a specific port number.

Incorrect Certificate Shown

If CrtMgr shows a different certificate than expected, the domain might be behind a CDN (CloudFlare, Akamai) showing their certificate, SNI (Server Name Indication) might not be configured correctly, or a load balancer might be serving a default certificate. Verify SNI configuration on your server, check CDN/proxy settings, and contact CrtMgr support if the issue persists.

Best Practices

Review your monitored websites monthly, removing sites that are no longer active and updating names and tags for better organization.

Set alerts based on your renewal workflow. Use multiple alert thresholds like 60, 30, and 7 days. Configure team notifications for critical sites.

Document which team member is responsible for each certificate. Keep records of certificate renewal procedures and link certificates to specific applications or services.

Use CrtMgr’s API for automated certificate checks in CI/CD, integrate with your deployment pipelines, and set up webhooks for real-time notifications.

Now that you’ve added your first website to CrtMgr, here’s what to explore next:

  • Share certificate status with teammates or clients — CrtMgr lets you create both private (authenticated) and public (read-only) monitoring links. The guide to sharing monitoring links walks through exactly when to use each and how to set up password-protected access for clients.
  • Set up webhook notifications for Slack or Teams
  • Explore the API for programmatic access and CI/CD integration
  • Integrate with Prometheus and Grafana for full observability

Adding websites to CrtMgr for certificate monitoring takes less than a minute per site, and the peace of mind is immediate. Configure your alert thresholds once and you’re done — CrtMgr handles the scanning automatically.

The only thing worse than a certificate expiration is one you didn’t see coming. Add your sites today, get the alerts set up, and never be the person finding out about an expired cert from a user again.

Have questions? Check out our FAQ or contact support.

Related Articles