C
CertPilot
IT Governance Evidence Platform

Prove your IT is under control — without enterprise GRC.

CertPilot runs daily checks on your domains, SSL, DNS, and email security, keeps renewals, people, assets, and access reviews in structured registers, and turns it all into evidence reports a boss, a client, or an auditor can actually read — built for lean IT teams, MSPs, and agencies.

Start free 14-day trialSee sample reports
14 days free
No credit card
Cancel anytime

More structure than the spreadsheet. A fraction of the weight of a GRC suite. Checks verify what is public, registers track what only your team knows, and reports turn both into dated PDF evidence.

certpilot · governance workspace
Live

Workspace verdict — June 2026

9 items need attention

44 of 47 domains healthy · Q2 access review 86% complete

Monitored

47

domains

Findings

9

to action

Reports

6

ready

External footprint

SSL · DNS · RDAP · email auth

2 findings

Renewals & vendors

38 records with owners

3 due soon

Access reviews

Q2 register · 12 systems

4 overdue

Evidence reports

Monthly Proof ready

6 types

Monthly Proof

Ready to generate

Generate →

Illustrative preview · operational evidence, not certification

Public-signal checksCustomer-maintained registersSix evidence report types
Risk patterns

The work is real. The evidence is scattered.

Renewal dates in a spreadsheet, certificates in a dashboard, access in someone's memory, assets in an old export. That is where these four failures start.

Expiry risk

A certificate or domain expires on your watch.

The site goes dark on a Saturday morning. A customer, a client, or your CEO finds out before you do.

Daily checks flag SSL, domain, and DNS issues at 60, 30, and 14 days — before they become incidents.

Renewal risk

A renewal lapses that nobody owned.

A retired card, an unread invoice, an inbox no one watches — then hosting, a license, or a vendor contract is gone.

The Renewals & Vendor Register tracks every asset with a due date, an owner, and a billing contact.

Review risk

Someone left months ago — their accounts didn't.

Who has access to what? Who still holds a laptop or a license? The answers exist — scattered across tabs, versions, and memory.

Access Reviews, People & Accounts, and the Assets Register keep entries, owners, statuses, and review dates structured.

Evidence risk

Someone asks for proof — and there is none.

Management, a client, an auditor, or an insurer asks what your team actually did. The work was real. The paper trail is not.

Evidence reports turn invisible operational work into dated, plain-English PDFs.

How it works

Check. Track. Prove.

Automated checks and human-maintained registers feed one artifact: the evidence report.

01

Check

CertPilot runs daily automated checks on your public signals — SSL certificates, domain registration, DNS records, and email authentication. No credentials, no agents, no scanners. Public data only.

02

Track

Your team keeps registers of the things no automated check can see — renewals, vendors, people, accounts, hardware, software, and access reviews. Owners, due dates, statuses, and review states. CSV in, CSV out.

03

Prove

One click turns checks and registers into a dated, plain-English PDF — what was verified, what is tracked, what was reviewed. Ready to forward to a boss, a client, or an auditor.

Checks verify what is public · Registers record what only your team knows · Reports prove both

Live modules

Seven modules. One evidence trail.

Everything below is live today. Six modules feed the trail; the seventh turns it into the report you send.

Live
01

External Footprint Monitoring

  • SSL / TLS certificate expiry, issuer, and validity
  • Domain registration expiry via public RDAP
  • DNS records and drift: A, AAAA, MX, NS, TXT, CAA
  • Email authentication: MX, SPF, DMARC, MTA-STS, TLS-RPT, BIMI

View module

Live
02

Renewals & Vendor Register

  • SaaS tools, hosting, plugins, licenses, contracts
  • Owners, renewal dates, billing contacts
  • Overdue, upcoming, and incomplete-record alerts
  • CSV import and export

View module

Live
03

People & Accounts

  • People with roles, status, and start / end dates
  • System accounts with identifiers and account status
  • Accounts matrix — review people against systems
  • Manual-first with CSV import and export — no directory sync

View module

Live
04

Assets Register

  • Hardware with assigned person, status, serials, and specs
  • Software with vendor, version, license status, renewal date
  • Key-present flag with masked hint — full keys never stored
  • CSV import and export for hardware and software

View module

Live
05

Access Reviews

  • Per-system access register with review states and due dates
  • Systems catalog, matrix view, and entries view
  • CSV import and export — start from your existing spreadsheet
  • Access Review Register PDF (counts only in shared summaries)

View module

Live
06

Vendor Status Watch

  • Official public status signals for vendors your workspace depends on
  • Vendor-reported outages and maintenance windows with source links
  • Workspace watchlist with dashboard Refresh now
  • No customer credentials — official public vendor feeds only

View module

Live · the output

Evidence Reports

The destination for everything above. One click turns the six modules into dated, management-ready PDFs your boss, your client, or your auditor can read in five minutes.

Explore evidence reports

Domain Health

Renewal Risk

Monthly Proof

Weekly Governance

Access Review Register

Governance Evidence Pack

Evidence reports

Send proof, not screenshots.

The report is the product. Every module — checks and registers alike — rolls up into six management-ready report types a non-technical reader can act on in five minutes.

  • Domain HealthSSL expiry, domain registration status, DNS records and changes, client-grouped.
  • Renewal RiskOverdue, upcoming, and incomplete renewal records across hosting, SaaS, licenses, and contracts.
  • Monthly ProofThe combined monthly summary — domain health, renewal risk, and recommended actions, branded with your logo.
  • Weekly GovernanceA weekly-format operational review of domains, SSL renewal windows, DNS signals, and renewal risks — generated on demand.
  • Access Review RegisterQuarterly access governance evidence — entries grouped by system, review status, and overdue flags.
  • Governance Evidence PackA cross-module executive summary across domains, email authentication, renewals, and access reviews, with People, Assets, and Vendor Status as summary counts.
View the sample report gallery →Download the Domain Health sample

All six report types have a public sample in the gallery — Domain Health, Renewal Risk, Monthly Proof, Weekly Governance, the Access Review Register, and the Governance Evidence Pack. The samples are static demos with fictional data; inside the product, every report generates on demand from your own domains and registers.

CertPilot

Governance Evidence Pack

June 2026

Cross-module summary

Executive verdict

Operational control managed across every live module. 9 items need attention this period.

Module coverage

External footprint

47 domains · SSL, DNS, email auth

2 findings

Renewals & vendors

38 records

3 due soon

Access reviews

Q2 register · 12 systems

4 overdue

People & accounts

24 people · 61 accounts

counts

Assets

57 hardware & software

counts

Vendor status

6 vendors watched

counts

Counts only for people, assets, and vendor status — no names, serials, or keys. Generated on demand.

Sample gallery

Open any sample report to see the exact format before you sign up — no account needed.

Domain HealthRenewal RiskMonthly ProofWeekly GovernanceAccess Review RegisterGovernance Evidence Pack
Who it's for

Same evidence. Four audiences.

The artifact is the same — a dated, plain-English report. Who you hand it to is different.

Lean IT teams

Evidence for management.

You carry domain, renewal, and access oversight without a dedicated security function. CertPilot gives you one place to keep it under control — and a PDF your CTO, COO, or CFO can read in five minutes.

MSPs

Evidence for business reviews.

You run digital operations for many business clients. Group domains and registers per client and bring dated, defensible evidence to every quarterly business review and renewal conversation.

Agencies

Evidence for retainers.

You manage client websites on retainer. Daily monitoring, renewal tracking, and a branded Monthly Proof Report that turns invisible maintenance into visible, documented deliverables.

Founders & operators

Evidence for yourself.

You run IT because someone has to — alongside everything else. One workspace for domains, renewals, people, assets, and access, so nothing depends on memory and nothing expires unnoticed.

The SSL shortening timeline

Certificate lifetimes are shrinking. Renewal work is multiplying.

CA/Browser Forum has approved a phased reduction in maximum SSL certificate lifetimes, down to 47 days by 2029. The changes are confirmed and on a fixed schedule — every renewal date matters earlier.

01

Until March 14, 2026

398 days

Current maximum SSL certificate lifetime

02

March 15, 2026

200 days

Renewals double — 2× the tracking work per domain

03

March 15, 2027

100 days

Renewals double again — 4× the original volume

04

March 15, 2029

47 days

Final phase — 8× renewal events. Manual tracking breaks.

Source: CA/Browser Forum Ballot SC-081. Dates are confirmed minimums; browsers may enforce stricter limits earlier.

Renewals & Vendor Register

For the assets your team cannot afford to forget.

Track SaaS tools, hosting plans, plugins, licenses, and contracts — with owners, renewal dates, billing contacts, and risk flags — before something lapses unnoticed.

  • SaaS tools and subscriptions
  • Hosting and domain-related services
  • Plugin, theme, and license renewals
  • Contracts and vendor renewals
  • Billing contacts and invoice emails
  • CSV import and export — start from your existing spreadsheet
Start tracking renewals

CertPilot

Renewals & Vendor Register

1 overdue

Cloudflare

Pro plan

Overdue

No owner

Adobe CC

License renewal

Due in 14 days

Jane D.

WP Engine

Hosting — Client Alpha

Due in 42 days

Tom R.

Renewal alerts sent daily. Evidence reports generated on demand.

How CertPilot checks

Public data only. No credentials needed.

  • Reads public SSL/TLS certificate data over HTTPS
  • Queries public RDAP endpoints for domain registration data
  • Looks up public DNS records (A, AAAA, MX, NS, TXT, CAA)
  • Checks email authentication records (MX, SPF, DMARC, MTA-STS, TLS-RPT, BIMI) — public DNS only, no mailbox access
  • Register data is entered by your team and stays in your workspace
  • Does not require website login, registrar access, or DNS provider API keys

Read the methodology →

Hard boundaries

What CertPilot will never do.

Governance evidence is not surveillance. These boundaries are permanent, by design:

  • No employee surveillance — no keystroke, screen, location, or activity tracking
  • No productivity scoring — no per-person performance metrics or rankings
  • No content scanning — never reads email bodies, documents, or chat messages
  • No AI prompt or response inspection of any kind
  • No MDM or device agents — registers hold records your team enters, nothing is installed on machines
  • No enterprise GRC machinery — no control frameworks or months-long implementation projects
  • No compliance certification claims — evidence, not certification
  • No legal guarantees — operational records, not legal advice

For teams preparing internal cybersecurity governance or NIS2-related documentation, CertPilot records can support operational evidence workflows — without replacing legal advice, security audits, certification, or compliance determination. Romanian organizations preparing under GEO 155/2024 can also look at NIS2 Pilot for broader internal preparation.

Free tools

Check any domain in seconds

SSL expiry, renewal readiness, DNS health, and email authentication — no login needed.

See all tools →

Free 10-Domain Audit

SSL, DNS, and domain expiry audit with a shareable PDF.

Run free audit

Single Domain Check

SSL, DNS, and domain expiry for one domain.

Check one domain

Watchtower

SSL expiry for up to 25 domains + calendar feed.

Open Watchtower

47-Day Pre-Flight

Check renewal readiness before shorter cycles hit.

Run Pre-Flight

Inbox Pulse

DMARC, SPF, MX, MTA-STS, TLS-RPT, and BIMI checks.

Open Inbox Pulse

Vendor Status Checker

Cached official vendor-reported incidents and maintenance.

Check vendor status
How CertPilot compares

Built for governance evidence — not just monitoring alerts.

Certificate monitors alert on certificates. Uptime monitors alert on availability. Spreadsheets are flexible but fragile for reminders and evidence. CertPilot covers a different job: it combines checks, registers, and evidence reports in one place.

FeatureCertPilotCertificate monitorsUptime monitorsSpreadsheets
SSL certificate monitoring
Domain expiry tracking
DNS / MX / NS change alerts
Email authentication monitoring (SPF, DMARC, MTA-STS)
Client workspaces
Renewals & Vendor Register (SaaS, licenses, contracts)
People & accounts register
Hardware & software assets register
Access review register with review states
Renewal risk alerts
Branded PDF evidence reports
47-day renewal readiness
Flat per-workspace pricing
IncludedPartial / limitedNot available

None of these categories is wrong — they solve different jobs. If you only need certificate alerts, a certificate monitor does that well. If you need availability checks, an uptime monitor does that well (CertPilot deliberately does not monitor uptime). Enterprise GRC suites solve the governance job too — for organizations with compliance teams, framework rollouts, and implementation budgets to match. The real day-to-day competitor is the spreadsheet: free and flexible, but it sends no reminders, tracks no review states, and produces no evidence trail. CertPilot is built for the governance job at small-team weight — daily public-signal checks, human-maintained registers, and management-ready PDF evidence from both.

Pricing

Priced by workspace, not by headcount.

Flat monthly pricing based on workspace size and evidence volume — no per-seat charges, no per-record surprises. Start free, upgrade when the evidence trail grows.

Limited offer · First 20 customers only

Founder Pilot — €49/month

For the first teams onboarded manually.

Start with the free trial. If CertPilot is useful, reply to the founder email to activate the Founder Pilot.

Ask about Founder Pilot

Starter

€99/month

Best for one lean team or a small operator putting the first recurring evidence trail in place.

Suggested for: a single small workspace — one team, modest evidence volume
  • Daily checks: SSL, DNS, domain expiry, email authentication
  • All registers: renewals & vendors, people & accounts, assets, access reviews
  • CSV import and export on every register
  • All evidence reports, generated on demand
  • Daily digest email
  • Monitoring capacity: up to 100 domains
Start free trial
Most popular

Professional

€199/month

Best for growing IT teams, MSPs, and agencies managing evidence across clients, departments, or business units.

Suggested for: multi-client or multi-team evidence with a regular reporting cadence
  • Everything in Starter
  • Client, department, or business-unit grouping across domains and registers
  • Your logo and brand color on all evidence reports
  • More room for larger registers and a regular reporting cadence
  • Monitoring capacity: up to 250 domains
Start free trial

Portfolio

€299/month

Best for larger operators with heavier evidence volume across domains, renewals, people, assets, and access records.

Suggested for: high-volume workspaces and larger client rosters
  • Everything in Professional
  • Headroom for larger registers and a heavier reporting cadence
  • Priority support and import help
  • Monitoring capacity: up to 500 domains
Start free trial

Start with a 14-day free trial. Founder Pilot activation is handled manually during early access.

“Suggested for” sizes are guidance based on workspace size and evidence volume, not enforced caps. The plan limits enforced today are monitored-domain capacity and report branding availability.

FAQ

Common questions.

Is CertPilot a compliance tool?

No. CertPilot produces operational evidence — dated, plain-English records of what was checked, what was tracked, and what was reviewed. That evidence is useful in audit conversations, governance reviews, and cyber-insurance questionnaires, but CertPilot does not certify NIS2, ISO 27001, SOC 2, GDPR, or any other regime, and nothing it produces is legal advice or a legal guarantee.

Is CertPilot an enterprise GRC platform?

No — deliberately. Enterprise GRC platforms manage control frameworks, policy libraries, and audit workflows for large compliance teams, and typically take months to implement. CertPilot covers the recurring evidence layer underneath: are the domains healthy, are renewals owned, who has access to what, what assets exist, who holds which accounts — and can you prove all of it with a dated PDF. It is built to be useful in the first afternoon, not after an implementation project.

Does CertPilot monitor employees?

No. The People & Accounts and Assets registers hold records your own team enters or imports — names, roles, account identifiers, asset assignments. CertPilot never tracks activity, scores productivity, scans email bodies, documents, or chat messages, and never inspects AI prompts or responses. Nothing is installed on anyone's machine. It is governance evidence, not surveillance.

What reports do I get?

Six report types, generated on demand inside the product: Domain Health (SSL, DNS, domain expiry, and changes), Renewal Risk (overdue, upcoming, and incomplete renewals), Monthly Proof (the combined monthly summary for clients or management), Weekly Governance (a weekly-format operational review), the Access Review Register (quarterly access governance evidence grouped by system), and the Governance Evidence Pack (a cross-module executive summary). All six have public demo samples on the sample reports page, built with fictional data so you can see the exact format before signing up.

Does CertPilot connect to Google Workspace or Microsoft 365?

No. CertPilot has no Google Workspace or Microsoft 365 integration and does not need one. Checks run against public data; registers are maintained by your team with CSV import and export. Read-only connectors may be considered later — planned, not yet available — but nothing on the platform requires them today.

Can I start manually?

Yes — manual-first is the design, not a stopgap. Paste or CSV-import your domains, import your renewal spreadsheet into the Renewals & Vendor Register, your people and account records into People & Accounts, your hardware and software lists into the Assets Register, and your existing access-review spreadsheet into Access Reviews. Everything exports back out as CSV, so your records stay portable.

How is CertPilot different from a spreadsheet?

A spreadsheet works while everything fits in one person's head and nobody asks for proof. Once renewals span inboxes, people and assets span tabs, and a quarterly access review needs chasing, the spreadsheet falls behind — and it produces no evidence trail. CertPilot keeps the same records in structured registers with owners, due dates, statuses, and review states, adds daily automated checks a spreadsheet can never run, and turns both into dated PDF reports. Your data stays portable: CSV in, CSV out.

How is CertPilot different from an SSL or domain monitor?

Certificate and domain monitors alert on certificates and domains — and stop there. CertPilot includes that monitoring (SSL, DNS, RDAP, email authentication) but treats it as one module of six: renewals, people and accounts, assets, and access reviews live alongside it, and everything feeds the evidence reports. CertPilot deliberately does not monitor uptime — if you need availability checks, an uptime monitor is the right tool for that job.

What data does CertPilot store?

Two kinds. First, public check results: TLS certificate data, DNS records, and RDAP registration data — the same public data any browser can see, collected with no credentials, registrar access, or API keys. Second, register records your team enters or imports: renewals, vendors, people, accounts, hardware, software, and access review entries. Register data stays in your workspace and exports back out as CSV. CertPilot stores no email content, no documents, and no full product keys.

How should I choose a plan?

By workspace size and evidence volume, not headcount. Starter fits one lean team or a small operator getting the first evidence trail in place. Professional fits MSPs, agencies, and growing IT teams that group evidence per client and want reports with their own branding. Portfolio adds headroom for high-volume workspaces. Pricing is flat per workspace — the limits enforced today are monitored-domain capacity per plan and report branding availability — and every plan starts with a 14-day free trial.

I’m Alex, the founder. I built CertPilot because teams should not lose sleep — or clients — over expired certificates, missed renewals, or an access review nobody can find when someone asks for it. Every early customer email goes to me personally.

alex@certpilot.app

Start free · No credit card required

Prove your IT is under control.

Run daily checks on domains, SSL, DNS, and email authentication. Keep renewals, people, assets, and access reviews organized in registers. Turn it all into evidence reports your boss, your clients, or your auditor can actually read — without enterprise GRC complexity.

Start free 14-day trialSee sample reports

Questions? Email hello@certpilot.app