webprofusion-chrisc
commented
5 months ago Thanks, that's a good idea - we'd probably need to ping our API because a check from the local server isn't enough (local servers are forever managing to resolve themselves but in reality they're not resolvable or blocked on the internet).
We do currently have this tool: https://chainchecker.certifytheweb.com/ which is sort-of related but not quite.
It would be awesome to have Certify the Web also monitor and make sure that the newly created certificate (new thumbprint) is being used.
Maybe a second red, yellow, and green indication light.
Red: no TLS certificate found at all Yellow: found a TLS certificate, but does not match the thumbprint created by CTW. Green: Found the TLS certs, and it matches the one CTW made.