Public sector & enterprise · NCSC aligned

Never let an SSL
certificate expire again

CertWatch monitors every certificate across your estate, alerts your team before expiry, and keeps your services running — automatically. Built for councils, NHS trusts, and enterprise.

Start monitoring free See how it works
Free 30-day trial
UK data residency
No long-term contract
0
Certs scanned today
0
Alerts sent this month
0
Organisations protected
NCSC WebCheck replacement
Automated daily scanning
30-day expiry alerts
Multi-org admin dashboard
CAF aligned reporting
G-Cloud ready
DMARC & email security
UK hosted infrastructure
NCSC WebCheck replacement
Automated daily scanning
30-day expiry alerts
Multi-org admin dashboard
CAF aligned reporting
G-Cloud ready
DMARC & email security
UK hosted infrastructure
The problem

Expired certs take services
offline without warning

Most councils still track certificates in spreadsheets. When NCSC WebCheck retired, that gap got bigger.

certwatch — scan report
$ certwatch scan northshire-council.gov.uk
───────────────────────────────
host northshire-council.gov.uk
issuer Sectigo RSA
expires 14 Aug 2026
status ● OK — 101 days remaining
 
$ certwatch scan portal.westbridge-nhs.uk
───────────────────────────────
host portal.westbridge-nhs.uk
issuer Let's Encrypt
expires 09 May 2026
status ● CRITICAL — 4 days remaining
 
⚠ Alert sent to it@westbridge-nhs.uk
What CertWatch does

Everything you need to manage
your certificate estate

Automated daily scanning
Every domain scanned automatically every 24 hours. No manual checks. No spreadsheets. Just continuous visibility.
Configurable expiry alerts
Set custom thresholds — 60, 30, 14, 7 days. Get email alerts before certificates expire, not after services go down.
Full certificate inventory
Every certificate across your estate in one place. Issuer, expiry date, days remaining, status — all visible at a glance.
Audit trail & compliance
Every scan, alert, and action logged. Give auditors exactly what they need to evidence CAF compliance on certificate management.
Multi-user access
Add your whole IT team. Role-based access control means the right people see the right information. Admin and standard user roles.
Secure by design
JWT authentication, rate limiting, account lockout, security headers, audit logging. Built with public sector security requirements in mind.
How it works

Up and running in minutes

No agents to install. No infrastructure to manage. Add your domains and CertWatch handles the rest.

01
Create your account
Register your organisation and set up your team. Takes under two minutes.
02
Add your domains
Paste in your domains one by one or in bulk. CertWatch scans them immediately.
03
Configure alerts
Set your email address and expiry threshold. We'll warn you well before anything expires.
04
Stay protected
Daily automated scans run in the background. Your dashboard stays current. You focus on other things.
Public sector & enterprise

Built for organisations that
can't afford downtime

CertWatch was built by a cybersecurity practitioner inside local government — and works just as well for NHS trusts, housing associations, legal firms, and enterprise IT teams.

  • Direct replacement for NCSC WebCheck — same visibility, more features
  • CAF Objective B aligned — evidences certificate lifecycle management
  • Supports Cyber Essentials and CE+ certification evidence gathering
  • ISO 27001 control support — asset and certificate inventory
  • Suitable for NHS Digital, councils, housing associations, and enterprise
  • All data hosted in the United Kingdom — GDPR compliant
  • G-Cloud listing in progress — procurable via existing frameworks
NCSC Aligned
CAF B2.b
Cyber Essentials+
ISO 27001
UK Data Residency
GDPR Compliant
Defend as One
G-Cloud Ready
NHS Digital Ready
admin — platform overview
Platform overview · 05 May 2026 · 08:00
────────────────────────────────────
organisations 12 active clients
certificates 347 domains monitored
healthy 301 certificates OK
warning 38 expiring < 30 days
critical 8 expiring < 7 days
 
⚠ 3 alerts sent · action required
Who uses CertWatch

Trusted by public sector
and enterprise teams

From district councils to NHS trusts to enterprise IT — CertWatch fits wherever certificates need managing.

🏛️
Local Government
District, borough, and county councils managing public-facing services, portals, and internal systems.
🏥
NHS & Health
NHS trusts and health organisations where certificate failures directly impact patient-facing services and care systems.
🏢
Enterprise & Legal
Financial services, law firms, and enterprise IT teams who need certificate visibility without complex enterprise CLM pricing.
🏘️
Housing Associations
Social housing providers managing resident portals and digital services who need affordable, straightforward monitoring.
🎓
Education
Universities, colleges, and multi-academy trusts managing dozens of domains across departments and campuses.
🔒
MSSPs & IT MSPs
Managed service providers who monitor certificate estates across multiple client organisations from a single admin dashboard.
Pricing

Simple, transparent pricing

No hidden fees. No per-domain charges. Starter is fully self-serve — buy online in minutes. Essentials and Professional include a sales conversation to make sure it fits your needs.

Starter
£50
per organisation / year
  • Up to 1 domains monitored
  • Daily automated scanning
  • Email alerts
  • 1 user
  • 12-month scan history
  • Basic CSV export
  • Self-serve setup
  • Community support
Buy now — no sales call
30-day free trial · cancel anytime
Essentials
£500
per organisation / year · 30-day free trial
  • Up to 50 domains monitored
  • Daily automated scanning
  • Configurable email alerts
  • Multi-user access (up to 5)
  • Full audit trail
  • 12-month scan history
  • Email support (business hours)
  • Cyber Essentials evidence pack
Start free trial
Most popular
Professional
£1,899
per organisation / year · 30-day free trial
  • Unlimited domains monitored
  • Daily automated scanning
  • Email, webhook & Teams alerts
  • Unlimited users
  • Full audit trail & reporting
  • ACME auto-renewal (coming Q3)
  • CAF & ISO 27001 evidence reports
  • Priority support + dedicated contact
  • G-Cloud procurement
  • Custom integrations
Contact sales
Common questions

Frequently asked

Does CertWatch replace NCSC WebCheck?
Yes. CertWatch provides the same certificate visibility that WebCheck offered, plus automated daily scanning, email alerts, multi-user access, and a full audit trail — all from a single dashboard.
Do I need to install anything on my servers?
No. CertWatch is fully agentless. It scans your domains remotely over port 443 — no software to install, no firewall changes required. Just add your domains and we handle the rest.
Where is my data stored?
All data is stored in the United Kingdom. We do not transfer data outside the UK or EEA. CertWatch is fully GDPR compliant and we can provide a Data Processing Agreement on request.
Can we procure via G-Cloud?
Our G-Cloud listing is in progress. In the meantime, we can supply a quote and terms for direct award under existing frameworks. Contact sales@certwatch.co.uk to discuss procurement options.
What happens when a certificate is about to expire?
CertWatch sends email alerts at your configured threshold — typically 30, 14, and 7 days before expiry. Professional plan customers also get webhook and Microsoft Teams notifications. ACME auto-renewal is on the roadmap for Q3 2026.
Is there a free trial?
Yes — all plans come with a 30-day free trial. The Starter plan is fully self-serve — sign up and start immediately with no sales call needed. Essentials and Professional include an onboarding call to make sure everything is configured correctly. Email sales@certwatch.co.uk if you'd like a live demo first.
Get started today

Stop finding out about
expired certs the hard way

30-day free trial. No long-term commitment. Set up in under 10 minutes and have full visibility over your certificate estate today.

Create free account Talk to us