CertWatch now pages PagerDuty when your cert is about to expire

Slack and Discord webhook alerts are great for low-urgency notifications. Nobody loses sleep over "your cert expires in 30 days."

But "your cert expires in 1 day" is different. That one should wake someone up.

CertWatch now supports PagerDuty as a fourth alert delivery provider alongside Slack, Discord, and Teams.

How it works

PagerDuty uses a different model than the other providers. Instead of a webhook URL per channel, you get a 32-character routing key (they call it an integration key) that routes alerts to a specific service in your PD account.

The registration is simpler as a result:

POST /auth/webhook
{
  "provider": "pagerduty",
  "url": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
  "label": "prod-cert-alerts"
}

The url field stores the routing key. CertWatch validates it (at least 20 alphanumeric characters) and always POSTs to https://events.pagerduty.com/v2/enqueue — the Events API v2 endpoint.

The payload

Each alert creates a PagerDuty incident with:

• Summary: the alert title (domain + days remaining)
• Source: certwatch
• Severity: info / warning / critical (mapped from CertWatch's 30/14/7/1-day thresholds)
• Custom details: the full alert body

CertWatch only fires event_action: trigger. It doesn't auto-resolve — there's no clean "cert renewed" signal to close the incident on. You close it manually after verifying the renewal.

Why PagerDuty and not OpsGenie

PagerDuty has a broader install base in the MSP and DevOps space that CertWatch targets. OpsGenie has a similar webhook-based integration but requires more account setup. PagerDuty's Events API v2 is one of the cleanest alert ingestion APIs I've seen — no authentication header, just the routing key in the body.

OpsGenie support would be a straightforward addition if there's demand.

When to use which provider

| Threshold | Provider recommendation | |---|---| | 30 days | Slack or Discord (low urgency, informational) | | 14 days | Slack or Discord (take action this week) | | 7 days | Teams or Slack (get it on someone's task list) | | 1 day | PagerDuty (wake someone up) |

You can register multiple webhooks per account. Route the 30-day alert to Slack and the 1-day alert to PagerDuty if that's your on-call policy.

CertWatch monitors SSL certs and domains with 30/14/7/1-day email alerts and Slack/Discord/Teams/PagerDuty webhooks. Currently accepting early users.