Sample Domain Health Report

What this sample report includes

The PDF is built from CertPilot's daily checks across the portfolio. Sections in this example:

• Cover and executive verdict — Agency name, report date, and a one-line verdict summarising whether anything needs immediate action.
• Executive summary — Counts of healthy, warning, critical, and limited-data domains, plus a short narrative paragraph in plain English.
• Client-grouped domain health — Per-client tables of SSL status, SSL expiry, domain registration status, registrar expiry, DNS status, and overall status.
• Issues needing attention — Domains with SSL, DNS, or registration findings, each with a plain-English description and a recommended action.
• DNS changes since the previous check — Record types that changed (A, AAAA, MX, NS, TXT, CAA), with previous and current values side by side.
• Recommended actions — A numbered list of what to review before the next renewal or client review.
• Methodology footer — What was checked, what was not checked, and a clear note that this is operational evidence — not certification.

Who should review it

• Web agency owners and ops leads — Hand to clients each month as part of a retainer or care plan. Replaces ad-hoc screenshots with one consistent PDF.
• Lean internal IT teams — Forward to a CTO, COO, or CFO who wants management-ready evidence on public-facing domain hygiene without learning a dashboard.
• MSPs managing multiple clients — Produce per-client evidence for quarterly business reviews and renewal conversations.

How CertPilot uses reports

CertPilot runs a daily check on every monitored domain. SSL certificate expiry, issuer, and chain validity come from a live TLS handshake. Domain registration expiry comes from RDAP. DNS records (A, AAAA, MX, NS, TXT, CAA) come from public DNS resolvers. The monthly report turns those checks into client-ready evidence with plain-English findings and a recommended action per issue.

The report is the deliverable, not the dashboard. Once a recipient — a client, a leadership team, or a business stakeholder — gets the monthly PDF, they expect it every month. That recurring expectation is the point.

What this report is not

CertPilot produces operational evidence on public-facing assets. The PDF is not, and is not intended to be:

• A compliance certification. CertPilot does not certify NIS2, ISO 27001, SOC 2, GDPR, or any other regime. The report supports an audit conversation; it does not replace a qualified auditor.
• A vulnerability scan or penetration test. CertPilot reads public TLS, DNS, and RDAP signals only. No internal scanning, no exploit detection.
• An uptime monitor. CertPilot does not measure availability, response time, or downtime windows.
• Legal advice. The report is a record of operational checks. Use a lawyer for legal questions.
• A read of customer email, documents, chat, or any private content. CertPilot only handles public technical data and metadata the user enters themselves.