Oh Dear! is a new SaaS application for website monitoring with multi-location uptime monitoring, mixed content detection, and SSL certificate and transparency reporting, by Freek Van der Herten and Mattias Geniar. The application is built on top of Laravel Spark.
What differentiates Oh Dear from other uptime monitoring solutions, in my opinion, is the mixed content detection and SSL certificate monitoring. The web is moving to HTTPS, and your site’s availability can be affected by modern browsers when things go awry with your certificate.
A simple uptime monitor simply doesn’t cut it anymore.
Mixed Content Checks
Mixed content checks can affect critical pages in your application, such as a checkout page or other prominent user page. To the user, it will not show as secure, but instead a warning. For example, Oh Dear! found this page after I configured my site, which shows what a mixed content warning looks like in Chrome:
You can also download a mixed content report as an Excel document that you can use to fix your mixed content errors. Once you resolve the mixed content errors, the application will notify you of the recovery.
Certificate Health Check
SSL certificate checks run every five minutes for each site configured in Oh Dear! Not only does the application check your domain’s certificate, but it also verifies the intermediate certificates too. Sometimes it’s not apparent where the issue is in the certificate chain, and the peace of mind that Oh Dear! takes care of the complicated verification steps is valuable.
If your certificate is set to expire in the next fourteen days, Oh Dear! will notify you daily, so you never have to learn about it from your customers again ;)
For me one of the most significant value propositions of Oh Dear! as a product is the SSL certificate chain validation. From the documentation on the certificate health check:
A chain is only as strong as its weakest link, SSL Certificates are the prime example. We don’t just monitor your domain’s certificate but will check every intermediate certificate too, up to the root certificate, to verify the chain of trust.
We look for SHA-1 certificates, revoked intermediates, distrusted root certificates, … each of those problems can cause your site to be unavailable. And none of those changes are in your control, these decisions get made by the Certificate Authorities (CAs) or the browsers themselves, coordinated via the CAB Forum.
Oh Dear! has excellent documentation, with contextual links in the application reports. For example, when you look at a mixed content report, it calls out the documentation the describes how Oh Dear! goes about running a mixed content check:
The documentation covers the different checks that run, getting started with notifications, the API, PHP software development kit (SDK), and webhooks.
Get over to ohdearapp.com and sign up today for a free—no credit card required— nine-day trial. After the trial period, you can sign up for one of four paid plans starting at € 5/month ($6.13 USD at the time of writing). All plans get the full features, and you pick the plan based on how many sites you need to monitor.
See Oh Dear! pricing for more details.