Transport Layer Security (TLS) is crucial for secure internet transactions. Mux developed an open-source certificate-expiry-monitor tool that uses Kubernetes API to discover servers using TLS certificates and emits Prometheus metrics with expiration times for installed certificates on each server. This helps in alerting when certificates are not being renewed automatically, preventing service unavailability due to expired certificates. The certificate-expiry-monitor tool was built in Go and can be configured with key options such as polling interval, Kubernetes namespace, labels, and domains to monitor. It generates Prometheus metrics for each pod + domain combination, indicating the time-to-expiry, time-since-issued, and certificate status. The tool has been integrated into Mux's infrastructure with a Grafana dashboard for monitoring and Prometheus alerting rules for warning when certificates are nearing expiry or have expired.