Skip to content

docs: add SSL monitor documentation#427

Open
danielpaulus wants to merge 3 commits into
mainfrom
docs/ssl-monitors
Open

docs: add SSL monitor documentation#427
danielpaulus wants to merge 3 commits into
mainfrom
docs/ssl-monitors

Conversation

@danielpaulus

Copy link
Copy Markdown

Summary

  • Adds detect/uptime-monitoring/ssl-monitors/overview.mdx — what SSL monitors do, how they work, the security baseline grade table, and common troubleshooting accordions
  • Adds detect/uptime-monitoring/ssl-monitors/configuration.mdx — full config reference: hostname/port, SNI server name, handshake timeout, alert days before expiry, skip chain validation, mTLS client certificate mode, security baseline rule overrides, assertions table, response time limits, scheduling, and additional settings
  • Adds constructs/ssl-monitor.mdx — CLI/IaC construct reference with basic + advanced TypeScript examples, SslMonitor + SslConfig parameter tables, SslAssertionBuilder method reference with typed constants (TlsVersion, CipherSuite, SignatureAlgorithm), and five tabbed examples (expiry alert, strict TLS policy, self-signed cert, mTLS, SNI override)
  • Updates docs.json to add the SSL Monitors nav group (after ICMP Monitors in the uptime-monitoring section) and adds constructs/ssl-monitor to the DETECT constructs group

Source of truth

Config and assertion options were sourced directly from:

  • checkly-cli/packages/cli/src/constructs/ssl-monitor.ts
  • checkly-cli/packages/cli/src/constructs/ssl-request.ts
  • checkly-cli/packages/cli/src/constructs/ssl-assertion.ts
  • apps/go-runner/check/ssl/result.go and baseline.go

TODO

  • Screenshots / images are not included in this PR. Placeholder image paths were intentionally omitted rather than broken links left in. Images should be added in a follow-up once the feature is publicly available.

Adds overview, configuration, and CLI construct reference pages for SSL
monitors. Config sourced from the checkly-cli SslMonitor/SslRequest
constructs and the go-runner ssl package.
@mintlify

mintlify Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
checkly-422f444a 🟢 Ready View Preview Jul 8, 2026, 1:44 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

- Replace fabricated failure-category strings (EXPIRED_CERT,
  HOSTNAME_MISMATCH, HANDSHAKE_TIMEOUT) with the six real runner
  categories: dns, connect, timeout, handshake, hostname, chain.
  Note that an expired cert is a failure state (daysUntilExpiry < 0),
  not a separate category.
- Fix accordion titles to describe behavior rather than invented enums.
- Clarify security baseline runs only on a successful handshake and
  certificate verification, not on hostname/chain failure.
- Fix ">= threshold" wording: "above which" → "at or above which" for
  degradedResponseTime and maxResponseTime; add 0–30,000 ms range.
- Add sslClientCertificateId as an explicit SslConfig ResponseField
  in the construct reference.
- Expand weak-signature algorithm list to include MD2-RSA and
  ECDSA-SHA1 (matching baseline.go isWeakSignature).
SSL monitors do not offer sub-minute frequencies; the floor is 1 minute, not 10 seconds.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant