Skip to main content
All Use Cases
Operations

Domain and SSL Certificate Expiry Monitor

Daily scan of every company domain — stages a Linear task, owner email, and Slack alert before a cert or domain lapses.

Best forAgencyB2BSaaSServices
Agents10 required
Duration3-6 minutes

Certificates and domain registrations lapse silently and take customer-facing endpoints down at the worst possible time. This recipe scans your full domain inventory, reads both the WHOIS registration clock and the live TLS cert clock separately, scores each by days-to-expiry and blast radius, and for anything inside the window assembles an escalation pack in memory — a Linear task for the owner, an email, and a Slack alert. Every fact is sourced from a real probe, suppressed/do-not-contact owners are excluded, a stable per-expiry dedupe key stops re-runs from re-filing the same alert, and nothing is filed, sent, or posted until you approve.

How it runs

Multi-agent orchestration — here's the flow, step by step.

01

Resolve the domain inventory by merging memory + user-supplied + dev-tools-discovered domains, tag each with source, owner, and channel, and flag unassigned owners rather than guessing.

pm scanner
01

Set run parameters (expiry_window, severity ladder, subdomain scope), confirm the resolved inventory, and halt if it is empty rather than reporting a false all-clear.

workflow orchestrator
02

Run read-only probes per domain — verslay_domain_whois for registration expiry, verslay_website_status / verslay_dns_lookup for the live TLS cert validity, issuer, and SANs — timestamping every result as a source.

web researcher
02

Normalize into one row per (domain, check_type), compute days_to_expiry, dedupe by {domain}|{check_type}|{expiry_date}, and log every failed probe with its failure mode into the could-not-verify block.

data analyst
03

Assign each row a severity tier from two sourced inputs — time-to-expiry and blast radius — showing the driving values, never an opaque label.

business health scorer
03

Select the actionable set (Warning or worse), collapse healthy rows into a single roll-up line, and annotate each actionable row with its resolved owner.

data analyst
04

Lay out one proposed Linear task per actionable domain (or grouped per owner) with title, assignee, severity, sourced facts, and a due date ahead of expiry — staged, not filed.

task router
04

Draft the owner email naming the exact domain, which clock is expiring, the sourced date and days remaining, the issuer/registrar, and the concrete renewal next step.

email writer
04

Draft the scannable single-block Slack alert summarizing everything inside the danger window this run.

internal comms writer
04

Run the consent/suppression gate on recipients, persist the idempotency key {domain}|{check_type}|{expiry_date}|{touch_type} before any action, skip already-escalated touches, hold everything for approval, then execute each touch once and record it.

distributor
04

Assemble the deliverable — scan header, actionable escalation cards, healthy roll-up, could-not-verify list, skip/gap list, and the staged-action receipt.

report formatter

Required Agents

10
  • pm-scanner
  • workflow-orchestrator
  • web-researcher
  • data-analyst
  • business-health-scorer
  • task-router
  • email-writer
  • internal-comms-writer
  • report-formatter
  • distributor

Connections

Required

gmaillinearslackvercel

Optional

slackgmailoutlookresendnotionasanaclickup

What it does

  • Daily read-only scan of every company domain, sources merged from memory + hosting/DNS providers
  • Tracks two clocks separately: WHOIS domain registration expiry and live TLS certificate validity
  • Severity tiering by days-to-expiry and blast radius, with the driving values shown
  • Consent + suppression gate excludes do-not-contact / unassigned owners and snoozed channels
  • Idempotent per-expiry dedupe key so daily re-runs never re-file or re-email the same alert
  • Stages a Linear task, owner email, and Slack alert — nothing filed or sent before approval
  • Failed probes surfaced as 'could not verify' risks, never dropped or reported healthy
  • Honest degradation: missing PM / email / Slack connection each named with a gap note

Example prompt

Scan all our company domains and check both the domain registrations and the SSL certificates. If anything expires in the next two weeks, create a Linear task for the owner, draft them an email, and get a Slack alert ready for our ops channel so we fix it before it breaks anything.

Ready to deploy Domain and SSL Certificate Expiry Monitor?

Start free. One click, full agent orchestration.

Get Started Free →