Methodology
How CertPilot checks domains
CertPilot uses public SSL, DNS, and RDAP data to help agencies monitor client-domain health. It does not require client login credentials, registrar access, or any privileged access to the sites it monitors.
What CertPilot checks
SSL certificate validity and expiry
CertPilot connects to each domain over HTTPS and reads the public TLS certificate chain. It records the certificate expiry date, issuer, and whether the certificate is valid. No site content is accessed — only the certificate handshake data that any browser would see.
Domain registration expiry
CertPilot queries public RDAP (Registration Data Access Protocol) endpoints for each domain. RDAP is the modern, structured replacement for WHOIS and provides domain expiry dates and registrar information. CertPilot does not access registrar accounts or modify any registration data.
DNS records
CertPilot queries public DNS for A, AAAA, MX, NS, TXT, and CAA records on each domain. These are public records that any DNS lookup tool can return. CAA records are stored for certificate-authority context.
DNS changes between checks
When a previous DNS snapshot exists, CertPilot compares A, AAAA, MX, NS, and TXT records to the current snapshot and flags changes. This helps agencies detect unexpected DNS modifications — record removals, new entries, or value changes — before they cause problems. CAA records are stored in the DNS snapshot for certificate-authority context, but they are not currently used for DNS drift alerts.
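The comparison described above, sketched as an added example (not CertPilot's own code). The snapshot layout, the function names, the normalization rules, and the choice to report a one-for-one swap as a single "changed" entry are all assumptions made for illustration.

```python
# Added illustration: snapshot layout and function names are assumptions.
ALERT_TYPES = ("A", "AAAA", "MX", "NS", "TXT")  # CAA is stored but not diffed

def _normalize(rtype, value):
    """Canonicalize a record value so formatting noise is not reported as drift."""
    value = value.strip()
    if rtype == "TXT":
        return value  # TXT payloads can be case-sensitive (e.g. DKIM keys)
    # Address and hostname-bearing types: lowercase, drop the trailing root dot.
    return value.lower().rstrip(".")

def diff_snapshots(previous, current):
    """Return (rtype, kind, old, new) tuples; kind is added, removed or changed."""
    if previous is None:  # first check: no baseline exists, so nothing to flag
        return []
    changes = []
    for rtype in ALERT_TYPES:
        old = {_normalize(rtype, v) for v in previous.get(rtype, [])}
        new = {_normalize(rtype, v) for v in current.get(rtype, [])}
        removed, added = sorted(old - new), sorted(new - old)
        if len(removed) == 1 and len(added) == 1:
            # One value swapped for another reads best as a single value change.
            changes.append((rtype, "changed", removed[0], added[0]))
            continue
        changes += [(rtype, "removed", v, None) for v in removed]
        changes += [(rtype, "added", None, v) for v in added]
    return changes

# Constructed sample snapshots (documentation-range addresses, example names).
PREVIOUS = {
    "A": ["192.0.2.10"],
    "MX": ["10 mail.example.com."],
    "NS": ["ns1.example.net.", "ns2.example.net."],
    "TXT": ["v=spf1 include:_spf.example.com -all"],
    "CAA": ['0 issue "letsencrypt.org"'],
}
CURRENT = {
    "A": ["192.0.2.99"],                                   # value change
    "MX": ["10 MAIL.example.com"],                         # same host, new formatting
    "NS": ["ns2.example.net.", "ns1.example.net."],        # same set, new order
    "TXT": ["v=spf1 include:_spf.example.com -all",
            "google-site-verification=constructed-token"],  # new entry
    "CAA": ['0 issue "digicert.com"'],                     # stored, not alerted on
}

if __name__ == "__main__":
    for change in diff_snapshots(PREVIOUS, CURRENT):
        print(change)
```

Comparing normalized sets rather than raw response lists keeps resolver ordering and trailing-dot differences from raising false drift alerts.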
What CertPilot does not do
- Does not access client login credentials or admin panels
- Does not scrape private pages or site content
- Does not monitor uptime or response time
- Does not test page speed or performance
- Does not perform vulnerability scanning or security audits
- Does not auto-renew SSL certificates
- Does not manage DNS hosting or make DNS changes
- Does not require registrar account access
- Does not require DNS provider API keys
- Does not require website admin access
Status meanings
Green — Healthy
All checks passed. SSL is valid with sufficient runway, domain registration is active, and DNS records match the previous snapshot.
Yellow — Attention needed
Something requires review before it becomes a problem. Common causes: SSL or domain expiry within the warning window, or a DNS record change detected.
Red — Action required
A check has failed or an issue is critical. Common causes: SSL expired or expiring very soon, domain registration lapsed or expiring imminently.
Limited data
A public data source returned incomplete information or a check could not complete. This may be a transient issue with the public data source, or the domain may not have a public record available.
Data and privacy
CertPilot stores the domain names you add, the results of each public check (certificate expiry dates, DNS records, RDAP data), and the alerts generated from those results. It does not store site content, login credentials, or any private account data.
- No registrar credentials required or stored
- No DNS provider API keys required or stored
- No website admin credentials required or stored
- All data used is from public technical records
For more detail on data handling, see the Privacy Policy.
Questions about methodology? hello@certpilot.app