diff --git a/nixos/roles/monitoring/rules.yml b/nixos/roles/monitoring/rules.yml
index 6a78b779..7f0cf05b 100644
--- a/nixos/roles/monitoring/rules.yml
+++ b/nixos/roles/monitoring/rules.yml
@@ -50,3 +50,11 @@ groups:
              severity: warning
           annotations:
              description: "mail queue {{ $labels.queue }} of {{ $labels.name }} has accumulated a waiting time of {{ $value | humanizeDuration }}."
+        # TLS
+        - alert: CertificateExpiry
+          expr: probe_ssl_earliest_cert_expiry - time() < 86400 * 14
+          for: 10m
+          labels:
+            severity: warning
+          annotations:
+            summary: "Certificate for {{ $labels.instance }} is expiring soon."