Notifications overview
The notifications feature keeps you informed about important system events in real time. With timely updates, you can monitor resources proactively, respond quickly to issues, and gain better insights into system health and status.
Certificate Manager - SaaS notifications support multiple delivery channels, including in-product notifications, email, and external integrations such as generic webhooks and Microsoft Teams. This page describes the notification model, types of notifications, and how webhook-based delivery works.
Certificate Manager - SaaS currently provides two notification models depending on the event source and integration type.
Some notifications are generated from activity and audit events and are delivered directly to external systems such as Slack, Microsoft Teams, or generic webhooks.
Other notifications are generated from resource and system events, such as certificate expiration or issuer health, and are managed through the Notification Center UI with support for email, PagerDuty, and Zoom Team Chat integrations.
Features and benefits
- Real-time alerts: Immediate notifications for significant events, such as health status changes of resources.
- Customizable filters: CEL-based filtering ensures that notifications are tailored to your specific needs and only relevant events trigger alerts.
- Integration support: Integration of notifications with external tools for streamlined incident management and communication.
Notification types
Certificate Manager - SaaS supports the following notification types:
- Health status notifications
- Expiring certificate notifications
Health status notifications
Notifications alert you when cert-manager certificates or issuers report an unhealthy state. Certificate Manager - SaaS continuously monitors these resources.
To reduce noise, notifications are only generated when a resource remains unhealthy for a sustained period. When a resource returns to a healthy state, a recovery notification is sent shortly afterward.
Expiring certificate notifications
Certificate Manager - SaaS checks daily for certificates that are nearing expiration, based on three predefined thresholds. When a certificate crosses one of these thresholds, an expiration event is generated so that you can take action before a service disruption occurs.
For webhook integrations, expiring certificate events are sent using the normalized event structure described below.
Notification event model
All notifications delivered via webhook (regardless of the underlying event source within the webhook-based system) currently use a consistent event structure. This ensures that external systems receive a predictable, uniform payload, even when the event originates from different parts of Certificate Manager - SaaS.
An event has the following structure:
```json
{
  "eventName": "string",
  "eventType": "string",
  "message": "string",
  "criticality": 0,
  "createdAt": "2025-01-15T12:45:00Z"
}
```
Field descriptions
- eventName: Human-readable name for the event.
- eventType: Machine-readable identifier used to classify the event.
- message: A descriptive message containing all event-specific information. For certificate notifications, this includes the certificate's common name and expiration date.
- criticality: A numeric severity level (0 = info, 1 = warning).
- createdAt: Timestamp of the event in ISO 8601 format.
Audience and use cases
This feature is intended for system administrators, DevOps engineers, and security teams who need to monitor the health and status of their Certificate Manager - SaaS resources. By integrating notifications with existing communication and incident management tools, teams can respond more effectively to potential issues.
Use cases include:
- Proactively monitoring certificate expirations to prevent service disruptions.
- Receiving real-time alerts for issuer health status changes.
- Integrating notifications into team collaboration platforms for streamlined communication.
Integration workflow
The webhook integrations described below apply only to activity-based notifications and webhook delivery. UI-managed notifications use the Notification Center routing system and support a different set of integrations.
To set up webhook-based notifications in Certificate Manager - SaaS, you first create an external integration using the Certificate Manager - SaaS API. Depending on the notification model, the following integrations are supported:
- Activity-based notifications:
  - Slack for team collaboration and alerting within channels
  - Microsoft Teams for Adaptive Card notifications in team channels
  - Generic webhooks for custom endpoints, SIEM tools, or automation pipelines
- Resource and system event notifications via the Notification Center:
  - Email for direct communication of important notifications
  - PagerDuty for incident management and alert escalation
  - Zoom Team Chat for collaboration and real-time alerting within team channels
Routing controls which notifications are sent to each integration. Routing rules use CEL expressions to filter events based on event fields. You can learn more about CEL filtering and routing in the Event Notification types documentation.
Note
You can also set up email notifications and custom webhooks for certificate expiration events.
For more information, see Set up certificate expiration notifications.
Requirements and compatibility
To receive webhook notifications, your endpoint must:
- Be accessible from the public internet over HTTPS (port 443)
- Respond with a 2xx HTTP status code
- Support standard Authorization headers
For complete network requirements, see Set up certificate expiration notifications.
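The following receiver-side check is an added example, not code from the product: it authenticates the Authorization header and validates a body against the event structure in "Notification event model" before the endpoint answers with a 2xx status. The Bearer scheme, the body size cap, the 204/400/401 status choices, and the sample field values are assumptions made for illustration.

```python
import hmac
import json
from datetime import datetime

# Field names and types come from the event structure documented on this page.
REQUIRED_FIELDS = {"eventName": str, "eventType": str, "message": str,
                   "criticality": int, "createdAt": str}
SEVERITY = {0: "info", 1: "warning"}
MAX_BODY_BYTES = 64 * 1024  # assumed cap; the page states no payload limit

# Constructed sample body; the values are illustrative, not captured output.
SAMPLE_BODY = json.dumps({
    "eventName": "Certificate expiring", "eventType": "certificate.expiring",
    "message": "CN=example.com expires 2025-02-14",
    "criticality": 1, "createdAt": "2025-01-15T12:45:00Z"}).encode()


def validate_event(body: bytes) -> dict:
    """Parse a webhook body and enforce the documented event schema."""
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    event = json.loads(body)
    if not isinstance(event, dict):
        raise ValueError("event must be a JSON object")
    for name, kind in REQUIRED_FIELDS.items():
        value = event.get(name)
        # bool is a subclass of int in Python, so reject it explicitly
        if not isinstance(value, kind) or isinstance(value, bool):
            raise ValueError(f"bad or missing field: {name}")
    if event["criticality"] not in SEVERITY:
        raise ValueError("unknown criticality")
    # fromisoformat() before Python 3.11 does not accept a trailing "Z"
    created = datetime.fromisoformat(event["createdAt"].replace("Z", "+00:00"))
    return {**event, "severity": SEVERITY[event["criticality"]],
            "createdAt": created}


def handle_webhook(headers: dict, body: bytes, expected_token: str):
    """Return (status, event): 401 bad credentials, 400 bad payload, 204 accepted.

    Assumes the web framework passes headers with canonical "Authorization" casing.
    """
    supplied = headers.get("Authorization", "")
    expected = f"Bearer {expected_token}"
    # Constant-time comparison avoids leaking the token through timing
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, None
    try:
        return 204, validate_event(body)
    except ValueError:  # also covers JSON and UTF-8 decoding errors
        return 400, None
```

Because `message` is free-form text, treat it as untrusted input when forwarding it to a SIEM, ticketing system, or chat channel.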
Next steps
- Learn more about CEL filters in Event Notification types.
- To set up certificate expiration notifications, see Set up certificate expiration notifications.
- Integrate notifications with external systems:
  - Receive notifications in PagerDuty
  - Receive notifications in Zoom Team Chat