A quick recap
Earlier this year, we launched Red Sift Certificates Lite, the free TLS certificate expiration monitoring service recommended by Let’s Encrypt. Since launch, thousands of organizations have adopted it to track their certificates and avoid expiry-related outages.
What we heard from customers
At launch, we had adopted Let’s Encrypt’s approach for consistency with its retiring service: notify based on certificate expiry status, not on whether a certificate was actively deployed.
Unsurprisingly, users told us these alerts weren’t always useful, especially when they flagged certificates no longer in use. What really matters is knowing when the certificates your domains are actually using are about to expire.
In our Certificates Enterprise product, we’ve long solved this with detection of active certificates across HTTPS (port 443), SMTP (port 25), and dedicated network range scans across the 1,000 most popular TCP and UDP ports. Extending that level of network handshakes to an unknown number of free users required extra work, but now that it is complete, we’re pleased to make a Lite-appropriate version available.
What’s new
With this update, Certificates Lite performs daily scans over HTTPS (port 443), giving you visibility into all endpoints of your domains and the certificates installed on each one. We’ve focused on HTTPS because for the majority of Lite users — often hobbyists and smaller organizations — the main priority is ensuring their websites and web services are secure and available, making it the most valuable place to start.
We’ve also added a new email notification setting that sends expiry alerts only for Active certificates. This will become the default setting in Certificates Lite, so you’re only notified about the certificates that actually matter to your domains. You can change this setting anytime if you’d like to receive alerts for all certificates.
So, you can now:
- See whether a certificate is actively deployed
- Identify which certificate is installed on each monitored endpoint
- Receive expiry alerts only for Active certificates, reducing noise from certificates you no longer use
Sometimes seeing is believing. Check out this short interactive demo to see how endpoint scanning and Active certificate alerts work in practice.
Why it matters
This update fills a critical visibility gap by showing you which certificates are actively deployed, and only alerting you on those. No more noise from unused certificates, just clear insights into what’s protecting your domains.
Get started
If you’re already using Certificates Lite, you don’t need to do anything — the updates are live today. If you haven’t tried it yet, sign up for free and start gaining visibility into your certificates today.
