topic Re: Dynatrace SSL Monitoring for 1000+ Domains – Recommended Automation Approach in Synthetic Monitoring

Dynatrace SSL Monitoring for 1000+ Domains – Recommended Automation Approach

Selvam — Mon, 29 Jun 2026 14:04:35 GMT

We are planning to onboard SSL certificate monitoring for approximately 1000 domains in Dynatrace.

Manually creating individual SSL monitoring configurations is not scalable and will create significant operational overhead.

What is the recommended enterprise-scale approach for SSL monitoring in Dynatrace?

Specifically:

Can SSL monitors be created and managed through the Dynatrace API, Terraform, or Automation Workflows?
Is there a bulk import option available?
What are best practices for maintaining a large inventory of domains (e.g., from an Excel sheet, CMDB, or DNS records)?
How do organizations typically automate onboarding and offboarding of SSL monitors for hundreds or thousands of domains?

Looking for guidance on a scalable and maintainable solution rather than manual configuration.

Re: Dynatrace SSL Monitoring for 1000+ Domains – Recommended Automation Approach

t_pawlak — Mon, 29 Jun 2026 14:43:13 GMT

Hi,
For an environment with 1000+ domains, I would definitely avoid managing SSL monitors manually.

My recommendation would be to treat SSL monitors as Infrastructure as Code and manage them with Terraform (preferred) or Monaco.

Terraform is particularly well suited because you can keep your inventory (CSV, YAML, JSON, CMDB export, etc.) outside of Dynatrace and use for_each to automatically create one monitor per domain. This makes onboarding and offboarding as simple as updating the inventory and re-running the deployment.

For example, we use a very similar approach for managing Dynatrace Management Zones. The configuration is generated from a table in tfvars, and Terraform iterates over the entries to create the required resources dynamically. Here's a simplified example of using a dynamic block:

dynamic "rule" { for_each = var.synthetic_monitor_name_value != null ? [var.synthetic_monitor_name_value] : [] content { type = "ME" enabled = true attribute_rule { entity_type = "BROWSER_MONITOR" attribute_conditions { condition { key = "BROWSER_MONITOR_TAGS" operator = "TAG_KEY_EQUALS" tag = var.auto_tag_name } } } } }

You could apply the same concept to SSL monitors—store all domains in a variable or data file and let Terraform create or remove the monitors automatically. This approach scales much better than relying on manual configuration or bulk imports and keeps your Dynatrace configuration synchronized with your source of truth.

Re: Dynatrace SSL Monitoring for 1000+ Domains – Recommended Automation Approach

t_pawlak — Mon, 29 Jun 2026 14:45:20 GMT

Of course, you can also automate this directly through the Dynatrace API if you prefer to build your own provisioning process. The Synthetic Monitors API supports creating, updating, deleting, and listing monitors, so it's perfectly possible to synchronize your inventory from a CMDB, DNS, or another source of truth.
Synthetic API v2
That said, I'd still lean towards Terraform (or Monaco) for long-term maintainability. Using Terraform with for_each gives you version-controlled, declarative configuration and makes onboarding/offboarding as simple as updating your inventory and applying the changes, rather than maintaining imperative API scripts.