How do I monitor expiring certificates?
Quick answer
Section titled “Quick answer”Notory automatically sorts the certificate list by Valid To — the certificate expiring soonest appears at the top. Each certificate also carries a status (Active, Expiring Soon, Expired, Revoked), shown as an indicator. This lets you spot upcoming expirations at a glance.
Prerequisites
Section titled “Prerequisites”Part of the Certificates module and therefore available from the Pro
tier onward (feature certificates).
Instructions
Section titled “Instructions”-
Open the “Certificates” module. The list is sorted ascending by Valid To. The certificates with the nearest expiry date appear at the top.
-
Read the status indicator. The Status column shows Active, Expiring Soon, Expired, or Revoked for each certificate. Set the status to Expiring Soon while editing to actively flag a certificate.
Screenshot pendingzertifikate-ablauf-01Certificate list sorted by 'Valid To', with status indicators 'Expiring Soon' and 'Expired'The expiry-sorted list with a status indicator for each certificate.
The list is available from GET /api/v1/certificates — already sorted
ascending by valid_to. Ideal for building a reminder in your own system:
compare valid_to against today’s date.
curl -H "Authorization: Bearer inv_dein_token" \ https://demo.notory.io/api/v1/certificatesResponse HTTP 200 OK (excerpt — the certificate expiring soonest comes first):
[ { "id": "c4e8b2a1-6f37-4d90-8b52-1a7c3e9d0f68", "common_name": "www.example.com", "issuer": "Let's Encrypt R3", "valid_to": "2026-07-30T00:00:00Z", "status": "expiring_soon", "auto_renew": true }, { "common_name": "vpn.example.com", "valid_to": "2026-11-15T00:00:00Z", "status": "active", "auto_renew": false }]To set the status, send a PUT with the status field:
curl -X PUT https://demo.notory.io/api/v1/certificates/c4e8b2a1-6f37-4d90-8b52-1a7c3e9d0f68 \ -H "Authorization: Bearer inv_dein_token" \ -H "Content-Type: application/json" \ -d '{ "status": "expiring_soon" }'Status values: active (Active), expiring_soon (Expiring Soon), expired
(Expired), revoked (Revoked).
What happens behind the scenes?
Section titled “What happens behind the scenes?”- Server-side sorting:
GET /certificatesalways returns results sorted ascending byvalid_to— upcoming expirations first, without you having to sort them yourself. - Status is stored, not computed:
active/expiring_soon/expired/revokedare values that you set. There is no background job that automatically changes the status based onvalid_to. - No e-mail, no webhook: Notory sends no notification for expiring
certificates. Build reminders as needed via periodic calls to
GET /certificates(comparingvalid_toagainst the current date). - Audit trail: A status change is logged as
updated_by/updated_at. - Tenant isolation: Only certificates belonging to your tenant are listed.
Related topics
Section titled “Related topics”- Renew a certificate — act on the expiry notice
- Add an SSL/TLS certificate
- License costs & expiry at a glance — the same principle for licenses
- API introduction