How to Share Certificate Monitoring Links in CrtMgr: Private vs Public Access

You’ve set up certificate monitoring, you have alerts configured, and everything looks good on your side. Now your client calls asking whether their certificate is still valid. You either go look it up and relay the information, or — if you’re thinking ahead — you already have a link ready to send them that shows exactly that, updated in real time, without giving them access to anything else in your account.

That’s what CrtMgr’s sharing features are built for. Whether you need to loop in a team member with full edit access, give a client read-only visibility into their site’s certificate status, or embed a certificate health indicator into your own status page, there’s a link type for it. This guide covers how each option works, when to use which, and the security considerations to keep in mind.

Before diving in: if you haven’t yet added your websites to CrtMgr for monitoring, the guide to adding a website for certificate monitoring walks through that first. This guide picks up from there.

Understanding Link Types

Private Links (Authenticated Access)

Private links require authentication and are accessible only to authorized users with CrtMgr accounts. They require login, use access controlled by team permissions, provide full dashboard functionality, allow actions like refresh and edit settings, show sensitive information including API keys and webhooks, and maintain an audit trail of who accessed what. Use them for team members working on certificate management, internal DevOps and SRE teams, and administrators who need full control.

Public Links (Anonymous Access)

Public links provide read-only access to certificate status without requiring login or authentication. They need no login, offer view-only access, can be shared with anyone, expose no sensitive information, limit display to certificate status and expiration, and support optional password protection. Use them for sharing status with clients, external contractors or consultants, public status pages, and embedding in documentation or portals.

How to Create Private Monitoring Links

Navigate to Settings → Team Management and click “Invite Member”. Enter the team member’s email address and select their role: Admin for full access (all sites, settings, team management), Editor to manage sites and view certificates, or Viewer for read-only access to all sites. Send the invitation—the team member receives an email with a registration link, creates a CrtMgr account if needed, and is automatically added to your team with assigned permissions.

To give access to specific sites only, go to the website detail page, click Share → Add Team Member, select the team member from the dropdown, and choose their access level: View to see certificate status and history, Edit to modify settings and refresh certificates, or Admin for full control including delete. Click Grant Access and the team member can now access this specific site through their dashboard.

For temporary or external team access, open website details, click Share → Create Private Link, and configure options including expiration (24 hours, 7 days, 30 days, or never), access level (View-only or Edit access), and whether to require re-authentication (force login each time). Copy the link and share it securely via email, Slack, or other channels. Note that private links require the recipient to have a CrtMgr account and appropriate permissions.

How to Create Public Monitoring Links

Navigate to website settings and go to the Sharing tab. Toggle “Enable Public Access”. Configure what information is visible: domain name, certificate expiration date, days until expiration, certificate issuer, and certificate validity status. Historical monitoring data, alert settings, team members, webhook configurations, and API credentials remain hidden.

Optional settings include password protection (add a password for semi-public access), custom branding to remove CrtMgr branding (Pro plan), and custom domains to use your own domain for status pages (Enterprise).

Click “Generate Public Link” and copy the generated URL. Share the link via email to clients, embed in your status page, link from customer portal, or include in documentation. For semi-public access, enable “Password Protection” in public link settings, set a password (or generate a random one), and share the password separately from the link for security. Recipients need to enter the password to view the certificate status.

Best Practices for Sharing

Security Best Practices

1. Principle of Least Privilege

   • Only grant the minimum access needed
   • Use view-only access when possible
   • Regularly review and revoke unnecessary access

2. Link Expiration

   • Set expiration dates for temporary access
   • Review and rotate public links quarterly
   • Revoke links when team members leave

3. Separate Credentials

   • Don’t share passwords in the same channel as links
   • Use password managers for sharing credentials
   • Require strong passwords for password-protected links

4. Audit Access

   • Regularly review who has access to what
   • Check access logs for unusual activity
   • Remove inactive team members

Collaboration Best Practices

1. Clear Communication

   • Document which team members manage which certificates
   • Use descriptive names for sites (not just domain names)
   • Add notes about responsibility and renewal process

2. Client Communication

   • Use public links for client visibility
   • Set expectations about what clients can see
   • Proactively share certificate renewal updates

3. Internal Teams

   • Create dedicated teams for different projects/clients
   • Use tags to organize sites by team or project
   • Set up team-specific notification channels

Managing Shared Access

Viewing Active Shares

1. Go to Settings → Shared Links
2. See all active links:
   • Link URL
   • Access type (private/public)
   • Created date
   • Last accessed
   • Expires on

Revoking Access

To revoke a shared link:

1. Find the link in Settings → Shared Links
2. Click “Revoke”
3. Confirm revocation

The link immediately stops working, and anyone with the link can no longer access the certificate information.

To remove a team member:

1. Go to Settings → Team Management
2. Find the team member
3. Click “Remove”
4. Confirm removal

All their access is immediately revoked.

Advanced Sharing Features

Embedding Public Status

Embed certificate status in your website or portal:

<iframe 
  src="https://crtmgr.com/en/status/public/xyz789abc123/embed" 
  width="100%" 
  height="200" 
  frameborder="0">
</iframe>

This displays a widget showing certificate status without requiring users to leave your site.

Custom Status Pages

Create a custom-branded status page (Pro/Enterprise plans):

1. Enable custom status pages in Settings

2. Configure branding:

   • Add your logo
   • Customize colors
   • Set custom domain (CNAME)

3. Add multiple certificates to one status page

4. Share the custom domain (e.g., status.yourcompany.com)

Webhook Integration

Share status updates programmatically. If you’re running a more comprehensive monitoring stack, CrtMgr webhooks can feed into systems like PagerDuty or trigger actions in your Prometheus and Grafana alerting pipeline — letting you centralize certificate alerts alongside your other infrastructure metrics:

1. Configure webhooks in website settings

2. Choose events:

   • Certificate expiring soon
   • Certificate expired
   • Certificate renewed
   • Scan failed

3. Send to:

   • Slack channels (for team visibility)
   • Microsoft Teams
   • PagerDuty (for on-call alerts)
   • Custom webhook endpoints

Example Slack notification:

{
  "text": "Certificate Expiring Soon",
  "attachments": [{
    "title": "example.com",
    "text": "Certificate expires in 15 days (Feb 5, 2026)",
    "color": "warning",
    "fields": [
      {"title": "Domain", "value": "example.com"},
      {"title": "Expires", "value": "2026-02-05"},
      {"title": "Days Left", "value": "15"}
    ]
  }]
}

Common Scenarios

Scenario 1: Sharing with External Client

Goal: Show certificate status to a client without giving full access

Solution:

1. Create a public link for the client’s sites
2. Enable password protection
3. Send link and password separately
4. Set expiration after project completion

Scenario 2: Team Collaboration

Goal: Multiple team members need to manage certificates

Solution:

1. Invite team members with appropriate roles
2. Grant site-specific access where needed
3. Set up Slack webhook for team notifications
4. Use tags to organize sites by team responsibility

Scenario 3: Contractor Access

Goal: Grant temporary access to an external consultant

Solution:

1. Create a private share link with expiration
2. Set view-only access
3. Limit to specific sites they need
4. Automatically revokes after project ends

Scenario 4: Public Status Page

Goal: Show certificate health on public website

Solution:

1. Create public links for public-facing services
2. Embed status widget on website
3. No password protection (fully public)
4. Shows only basic certificate status

Troubleshooting

Link Not Working

Issue: Shared link returns “Access Denied”

Solutions:

• Check if link has expired
• Verify link wasn’t revoked
• For private links, ensure user is logged in
• For password-protected links, verify correct password

Permission Issues

Issue: Team member can’t see expected sites

Solutions:

• Check team member role and permissions
• Verify site-specific access grants
• Ensure team member is in the correct team
• Check if their account is active

Public Link Shows Wrong Information

Issue: Public link displays outdated information

Solutions:

• Force a manual refresh of the site
• Check that public sharing is enabled
• Verify link is using the correct site ID
• Clear browser cache

CrtMgr’s sharing options cover the full range of collaboration scenarios — from a team member who needs to update alert settings, to a client who just wants to see if their cert is still valid, to a public status page that shows certificate health without exposing any account details.

The decision tree is simple: if the person needs to make changes, use a private link with appropriate role permissions. If they just need visibility, use a public link (with a password if it’s not meant to be truly public). Set expiration on anything temporary, and revoke access as soon as it’s no longer needed.

Looking for more certificate management tips? Explore our blog or get started with CrtMgr.