Use cases/Automation

Domain & SSL Expiry Monitor

For indie hackers running 5+ domains: track every domain's expiry, every cert's renewal, and never wake up to an expired site again.

Automationmedium~30m setup
Tools
execweb_fetchmemorymemory_search
Channels
telegram
Uses
cron

If you've ever shipped a side project, you've forgotten to renew a domain or let a cert expire. Either kills the site silently — and the user discovery happens via "your site is broken" tweets. The monitor checks every domain you own, every week, and warns you 30 days before any expiry.

What it does

  • Maintains a list of your domains (and their cert types)
  • Weekly check: WHOIS expiry + cert validity + cert expiry
  • Alerts at 60 days, 30 days, 7 days before expiry
  • For Let's Encrypt certs (auto-renewing), verifies the renewal actually happened
  • Detects DNS misconfiguration: domain expired but cert still valid (or vice versa)

What you'll need

  • Exec for whois, openssl, dig
  • A list of your domains
  • Cron for weekly checks
  • Optional: certbot logs accessible if you self-host renewals

Setup

1. Define your domain list

Send to Flowly
Remember domain inventory (tag "domains"): - useflowlyapp.com — registrar Cloudflare, cert Let's Encrypt (auto) - hakanoren.com — registrar Namecheap, cert Let's Encrypt (auto) - some-side-project.dev — registrar Porkbun, cert Cloudflare proxy For each: domain, registrar, cert_type (LE-auto / commercial / proxy), contact_email, expected_expiry (manual, will verify).

2. Define the check protocol

Send to Flowly
For each domain in inventory: 1. WHOIS expiry: exec: whois <domain> | grep -i "expir" Parse the date. Compare to today. 2. Cert expiry: exec: echo | openssl s_client -servername <domain> -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates Parse "notAfter". 3. Compute days until expiry for both. 4. Status determination: - Either < 60 days: WARN - Either < 30 days: ALERT - Either < 7 days: CRITICAL (phone call alert via /phone-alerts) - Domain expired or cert expired: EMERGENCY 5. Save to memory tagged "domain-status:<domain>" with timestamp, whois_expiry, cert_expiry, status.

3. Weekly cron

Send to Flowly
Cron "domain-monitor" every Monday at 9 AM: For each domain, run the protocol above. Send Telegram digest: 🌐 Domain & cert status ✅ All clear: 5 domains ⚠️ Renewing soon (< 60d): - example.com — domain 47d, cert 21d (LE will auto-renew at 30d) 🚨 Action needed (< 30d): - urgent.dev — domain 14d, NOT auto-renew, manual action required

4. Critical alerts (don't wait for the cron)

For CRITICAL or EMERGENCY status, fire phone alert immediately:

Send to Flowly
On any domain status change to CRITICAL or EMERGENCY between weekly checks, fire phone_alert(severity="critical", message=...) — see [phone alerts use case](/docs/use-cases/phone-alerts). Daily check at 8 AM for status changes: - Compare current status to last week's status - If degraded, alert immediately - If improved (renewal happened), log "renewed: <domain>" and continue

Tips

  • Trust but verify auto-renewal. Let's Encrypt usually works, but cert auto-renewal has failed historically (rate limits, DNS challenges). The monitor catches this.
  • Email contact must be current. Registrars send renewal warnings to the registered email. If yours is dead, you miss them. Audit your contact info on the first run.
  • Domains don't auto-renew (usually). Most registrars ENABLE auto-renewal by default but it can fail (expired card, blocked charge). The 60-day warning gives you a buffer.
  • Cloudflare-proxied vs origin certs. If you proxy through Cloudflare, the cert your monitor sees is Cloudflare's — check the origin cert too if you have one.
  • Wildcard certs share a fate. When *.example.com expires, every subdomain breaks. Wildcards need closer attention.
  • Annual renewals beat monthly auto-bills. A 5-year domain registration costs slightly more upfront but eliminates 4 future renewal worries.