Self-Hosted SSL and Domain Monitoring for MSPs: Stop Running a Separate Tool
An expired SSL certificate on a client's site is one of the most embarrassing problems an MSP can have. Not because it's hard to fix — it takes five minutes — but because it's completely preventable, and clients notice immediately.
Yet SSL and domain expiry monitoring is still an afterthought for most MSPs. Teams rely on email reminders from their registrar (if they remember to configure them), a separate SaaS tool like TrackSSL or UptimeRobot, or a spreadsheet someone updates once a quarter.
The problem isn't the monitoring itself. The problem is that it lives in a completely separate place from everything else you know about that client.
Why Tracking SSL Certs in a Separate Tool Creates Problems
When your SSL monitoring lives in a standalone tool, you get alerts — but you lose context.
A certificate expiry notification tells you a cert is expiring in 14 days. It does not tell you who the primary contact is, who manages that client's hosting, where the registrar credentials are stored, or whether a ticket is already open about it. You have to jump between systems to answer those questions.
Multiply that by 30 or 50 clients and you understand why certificates still expire — not because nobody got the alert, but because acting on the alert requires context that's scattered somewhere else.
The "Yet Another Tool" Tax
Standalone SSL monitoring tools add up in ways that are easy to dismiss individually but painful in aggregate.
SaaS pricing. Tools like TrackSSL charge per domain monitored. At scale — managing 20 clients with 5 to 10 domains each — you're paying a meaningful monthly fee for something that arguably should be a feature of your documentation platform.
Another login to manage. Your team needs access. New techs need onboarding. MFA needs configuring. You maintain another set of credentials, another subscription to renew, another vendor to deal with if something breaks.
Monitoring that isn't documented. When alerting lives in a separate system, it's invisible to the rest of your team unless they think to check it. If the person who configured the alerts leaves, nobody may know they exist — or that they quietly stopped working.
What Integrated Domain and SSL Monitoring Actually Looks Like
Weavestream includes domain and SSL monitoring as a native feature of the platform. You add domains for a client alongside their other documentation — assets, credentials, IP ranges, contacts — and monitoring runs automatically.
When a certificate or domain registration is approaching expiry, the alert is tied to the same record where all the relevant context already lives. The primary contact, the hosting credentials, the registrar login — it's all there, in the same place you're already working.
This is the practical difference between getting a notification and being able to act on it immediately. You're not hunting across tabs to piece together who owns the renewal.
For MSPs managing multiple clients, this is even more valuable. Every client's domains are visible in one place, alongside their full documentation. Onboarding a new tech doesn't require granting them access to a separate monitoring tool — it's part of the same platform they're already using for everything else.
Self-Hosted Means Monitoring Without Vendor Risk
SaaS monitoring tools introduce a dependency that's easy to overlook: if the vendor has an outage, changes pricing, or discontinues a free tier, your alerting breaks. You find out the next time a certificate quietly expires.
Weavestream is self-hosted. You run it on your own infrastructure — a VM, a VPS, a Docker host — and the monitoring runs on your schedule, with your data. There's no per-domain pricing, no seat limits on who can view domain status, and no SaaS subscription to renew.
The platform is licensed under AGPL-3.0 and backed by a Postgres database, which means your monitoring data lives in a database you control. You can query it, back it up, and migrate it without asking a vendor for an export.
Who Gets the Most Value from This
MSPs managing clients with many domains benefit from co-locating monitoring with client documentation. SSL expiry information next to credentials next to contacts dramatically reduces the friction of actually responding to alerts.
Small IT teams running infrastructure for a single organization often skip SSL monitoring entirely because standalone tools feel like overkill for what they need. Having it built into the documentation platform means it gets set up automatically as part of normal documentation hygiene.
Homelabbers running public-facing services need to track certificates across their own stack without depending on an external free tier that might disappear or rate-limit them.
Stop Running the Extra Tool
If you're already running an IT documentation platform, SSL and domain monitoring shouldn't be a second subscription or a second codebase to maintain. It should be part of the same system where you document everything else about your infrastructure.
Weavestream gives you that out of the box — self-hosted, open-source, and free. You can stand it up with Docker in about fifteen minutes.