crt.guru is an external TLS certificate monitoring service that scans domains and hostnames from multiple geographic regions without requiring agents, server access, or code changes. The service supports monitoring across multiple protocols beyond standard HTTPS, including LDAPS, SMTP STARTTLS, and IMAPS on any port. Scans are performed from locations including Frankfurt, New York, and Amsterdam, enabling detection of issues that local or single-region checks may miss, such as CDN edge nodes serving stale certificates. Core monitoring capabilities include: - Expiry alerts sent at 30, 14, 7, and 1 day before certificate expiration - Vulnerability scanning for known TLS weaknesses including Heartbleed, ROBOT, and CCS Injection - Weak cipher detection - Certificate revocation detection - Certificate Transparency (CT) log monitoring to detect unauthorized certificate issuance for monitored domains - Compliance checks against Mozilla, PCI DSS 4.0, and NIST standards - One-click PDF compliance report generation in formats suited for CISOs, DevOps, and developers - Portfolio-level risk scoring, compliance matrix, expiry calendar, and trend tracking Notifications are delivered via email, Telegram, Discord, and Slack. Plans range from a free tier (3 assets, daily scans, single region, 7-day history) to Enterprise (200 assets, 30-minute scan intervals, unlimited regions and history, 50 team members). Paid plans include on-demand manual scans, scan comparison and diff, and extended history retention. A REST API is also available.