CertWatch Pro now lets you set custom alert thresholds per domain

The default CertWatch alert ladder — 30, 14, 7, and 1 day before expiry — is a reasonable default for most domains. But it's not right for every domain.

A customer-facing wildcard cert might need a 60-day heads-up because the renewal process involves an external CA with a two-week lead time. An internal test domain might not need any reminder until 3 days out. A domain you manage for a client under a specific SLA might need weekly reminders from 45 days out.

CertWatch Pro now lets you set a custom alert ladder per domain.

How it works

PATCH /domains/example.com
{"alert_days": [60, 30, 14, 7, 1]}

That's it. CertWatch stores the alert_days list in the domain record and uses it instead of the global default. The daily cron reads the custom list and fires alerts at exactly those intervals.

To reset a domain back to the global default:

DELETE /domains/example.com/thresholds

Validation rules

• 1–10 thresholds per domain (no more, no less)
• Each value: integer, 1–365 days
• No duplicates
• Stored sorted descending (so 60 fires before 30)

If you pass unsorted values (like [7, 60, 30, 1]), CertWatch sorts them for you before saving.

Idempotency still works

The existing idempotency guarantee applies to custom thresholds too. If CertWatch has already fired a d60 alert for a domain today, it won't fire again until tomorrow's run — even if you update the threshold mid-day. The same last_alert_at_<label> stamp mechanism that prevents duplicate emails at d30 or d7 works exactly the same way for custom rungs.

Dashboard visibility

GET /domains now includes alert_days in the response for each domain where a custom ladder is set. Domains on the global default don't include the field — so your API consumer can tell at a glance which domains have been customized.

Who should use this

• External CA renewals — If your CA takes 2+ weeks to issue a cert, set [60, 45, 30, 7] for those domains.
• Client domains — Different clients have different SLA requirements. Set the alert ladder to match their contract.
• Internal infra — Test/dev domains that expire and you don't care as much. Set [7, 1] and skip the 30/14 noise.
• High-stakes domains — Your primary business domain. Set [90, 60, 30, 14, 7, 3, 1] if you want to be cautious.

CertWatch is on the Pro plan at $15/mo. Per-domain custom thresholds are a Pro feature.