Oh Dear

You can now bring your own TLS certificate to your status page. Upload a certificate and private key from your internal PKI, an organizational CA, or Cloudflare Origin CA. Or download an origin certificate we generate and trust it in Cloudflare directly. Either way the origin handshake validates and the 526 is gone. Before we serve any certificate we check that the private key matches it, that it covers your domain, and that it hasn't expired. Private keys are encrypted at rest and never downloadable. 🔒

The weekly changelog is out. Here's what landed: you can now pause notification destinations instead of deleting them, custom status page domains get DNS verification with step-by-step Cloudflare guidance, AI checks now run on the latest OpenAI and Anthropic models with the option to pin a specific one, and failed notification thresholds are supported across more check types so you control exactly when an alert fires. We also made large Broken Links crawls more reliable, so they no longer time out and discard results on big sites. Small but meaningful improvements that keep monitoring reliable for your team. https://lnkd.in/evsmc49e

We're about to let you bring your own SSL certificate to your Oh Dear status page. If you run your status page on a custom domain and would rather provide your own certificate than have us auto-provision one with Let's Encrypt, that option is coming. Building it turned up an interesting problem. Under the hood, Caddy fetches that certificate from our backend over HTTP. And certmagic, the certificate library underneath Caddy, asks for it on every single TLS handshake by design, even though the certificate almost never changes. For an HTTP getter, that's a backend round trip on every connection. So we built a small Caddy module that caches those lookups in-process. On a cache hit it's a map lookup: microseconds, no network. It honours the Cache-Control header your backend sets, so you stay in control of how long Caddy caches each certificate. It also negative-caches unknown domains, coalesces concurrent lookups, and can persist to disk for warm restarts. It's open source under Apache-2.0, you build it into Caddy with xcaddy, and it's listed on caddyserver.com.

Oh Dear ships updates every week. This week you can add your own logo and colours to monthly reports and status pages, manage every notification destination from a single redesigned interface, and follow a clearer Application Health onboarding. We've also sharpened DNS monitoring so it tells unreachable nameservers apart from record drift, and upgraded the whole app to Laravel 13 to keep the foundation current. Small but meaningful improvements that keep monitoring reliable for your team. https://lnkd.in/egm_dfr8

We built a small service called Request Mirror to make HTTP testing easier, and open-sourced it so anyone can use it. The problem it solves: how do you test that your app handles a 500, a timeout, or an odd response without taking down a real service to trigger it? Request Mirror lets you ask for exactly the response you want. Hit /status/500 and it returns a 500. /get reflects your headers back. /json and /xml return sample payloads. Point your test suite at it and assert how your code reacts. We use it ourselves to test Oh Dear's uptime monitoring, but there's nothing Oh Dear-specific about it. It's free, hosted at request-mirror.ohdear.app, and fully open source if you'd rather self-host. A small public good we're happy to keep maintaining. https://lnkd.in/eDSt_Uff

We spent way too long building an "AI-powered framework" to help you decide if you need website monitoring. The result might shock you. 😱 (Or not 😂 )

We ship updates to Oh Dear every week. Last week: AI checks are now generally available to every team, our MCP server can create, update, and delete monitors so AI assistants manage your monitoring directly, a new $OH_DEAR_TIMESTAMP variable lets you bust CDN caching on uptime checks, and we redesigned the Application Health onboarding with ready-to-use curl examples when a check fails. We also squashed a batch of smaller issues, from webhook logs to notification destinations. Small improvements that add up. The changelog is the best way to stay on top of what ships. https://lnkd.in/eFJBfpWW

Have you tried our new CLI tool yet? When paired with your favourite agent, it unlocks a world of powerful options 🔥

Performance regressions rarely arrive with a bang. A deploy ships 200KB of new JavaScript, a marketing team adds a third-party tag, an image gets uploaded uncompressed, and six weeks later you notice search rankings drifting and bounce rates climbing. 📉 Oh Dear runs Lighthouse against your site daily and tracks scores across performance, SEO, accessibility, and best practices over time. When a score drops, you find out within minutes, not the next time someone runs a manual audit. Each recommendation comes with the file name, the line, and the estimated impact, so the team that needs to fix it has somewhere to start. https://lnkd.in/e9qj2ahW

Mixed content is the kind of issue that doesn't crash anything. It just quietly erodes trust. One image tag still pointing at http:// on an otherwise HTTPS page is enough to break the padlock, and browsers are getting stricter about it every year. Oh Dear crawls your sites daily and reports every offending URL, the HTML tag involved, and the insecure asset URL itself, so you can fix them in a single pass instead of hunting them down one at a time. Resolved issues only re-alert after 7 days, so you don't get flooded. https://lnkd.in/eCpZjjSC