What it is
Every HTTPS site presents a TLS certificate that browsers use to confirm they are talking to the real domain over an encrypted connection. That certificate has a fixed validity window and must be renewed before it ends. WebGuard reads the certificate served on your public endpoints and checks how much of that window remains, whether the hostname and certificate chain are presented correctly, and whether secure delivery is consistently available.
Why it matters
A lapsed or misconfigured certificate is one of the fastest ways a public site loses customer confidence: browsers replace your page with a full-screen trust warning, and most visitors simply leave. Because renewals are easy to forget, certificate expiry is a recurring, entirely preventable outage. Catching it days ahead turns an incident into a routine task.
How WebGuard checks it
WebGuard connects to your verified domain exactly as a browser would, reads the presented certificate, and reports the days remaining and any chain or hostname mismatch. It is read-only: no certificate is modified, and nothing beyond the public endpoint is touched.