Welcome to KeyChest
KeyChest is the tool you need to stay on top of all your certificates and to keep your boss happy.
You can use KeyChest to plan your renewals, get your weekly inventory summary and present your cert
KPIs (key performance indicators) to your boss or your team.
We don’t mind if you use them
for your web servers, email servers, on-premise web services, or to protect your infrastructure.
We treat all certs equal, whether you paid $500 for each, got them free from LetsEncrypt, or
created them yourself.
Note: We treat the name you enter as a server, rather than a "domain
name". This is particularly important when testing web servers, as we don't follow re-directs. However,
if we detect an active re-direct, you will be given an option to check it.
When you create an account, you can quickly populate your dashboard
using domain names with wildcards to search for server and print the first set of KPIs within minutes.
expiration date / validity of a certificate on the server
certificate chain completeness
correct name in the certificate
SSL/TLS version - it should be TLS version 1.2
HTTP Strict Transport Security (HSTS) flag from web servers
time gaps in certificates over the last 2 years
certificate neighbors - other domain names in the server’s certificate
Accounts (still subject to changes)
plan for next 28 days
monthly certificate renewal estimates for next 12 months
incidents - servers without a valid certificate
certificate inventory over the last 12 months
several certificate statistics (issuers, domains per certificate, legacy certificates)
weekly emails with important indicators and tasks for next 28 days
Letsencrypt users seem to like letsmonitor.org - here’s how we compare
The following table compares features of KeyChest with Letsmonitor.org.
Adding new items
one server at a time
domains (with wildcards)
CT logs (certificate transparency), and servers (optional)
weekly and on demand
certs - once before expiration
weekly - inventory and planner for all certs
centrally, 1+ instances, additional instances for availability
certs expiry on selected servers
deployed, CT logs, cross-checking
expiry of deployed certs
all issued certs
difference between issued and effective certs
Will we ever charge you for this service?
Our plan is to keep this service free, including evolutionary features. We have some thoughts about subscriptions, but these will be only for substantial extensions of KeyChest, and customization of this service for on-premise monitoring of your internal infrastructure. Get in touch if you want to chat.