diff --git a/manifests/site.pp b/manifests/site.pp index af4901ed7d..eee1b297e0 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -86,6 +86,7 @@ node 'jenkins-dev.openstack.org' { } node 'cacti.openstack.org' { + include openstack_project::ssl_cert_check class { 'openstack_project::cacti': sysadmins => hiera('sysadmins'), } diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains new file mode 100644 index 0000000000..82ca551077 --- /dev/null +++ b/modules/openstack_project/files/ssl_cert_check/ssldomains @@ -0,0 +1,5 @@ +review.openstack.org 443 +jenkins.openstack.org 443 +etherpad.openstack.org 443 +wiki.openstack.org 443 +www.openstack.org 443 diff --git a/modules/openstack_project/manifests/ssl_cert_check.pp b/modules/openstack_project/manifests/ssl_cert_check.pp new file mode 100644 index 0000000000..ee394b8a10 --- /dev/null +++ b/modules/openstack_project/manifests/ssl_cert_check.pp @@ -0,0 +1,16 @@ +# Class to configure ssl-cert-check on a node. +class openstack_project::ssl_cert_check { + class { '::ssl_cert_check': + domainlist_file => '/var/lib/certcheck/ssldomains', + email => 'root', + days => '30' + } + + file { '/var/lib/certcheck/ssldomains': + ensure => present, + owner => 'certcheck', + group => 'certcheck', + mode => '0444', + source => 'puppet:///modules/openstack_project/ssl_cert_check/ssldomains' + } +} diff --git a/modules/ssl_cert_check/manifests/init.pp b/modules/ssl_cert_check/manifests/init.pp new file mode 100644 index 0000000000..3cc9d3280a --- /dev/null +++ b/modules/ssl_cert_check/manifests/init.pp 
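Review bot: In modules/openstack_project/manifests/ssl_cert_check.pp the domain list `/var/lib/certcheck/ssldomains` is owned by `certcheck`, the same account the cron job runs as, so that account can chmod and rewrite the list of hosts being monitored between Puppet runs despite `mode => '0444'`. Since the job only needs to read the file, `owner => 'root',` and `group => 'root',` with the mode unchanged would keep the monitor's input out of its own control. Also, `email => 'root'` sends expiry warnings to the local root mailbox on the node. Because the check runs quietly, a missed mail is the only signal lost, so it is worth confirming that root's mail on this host is forwarded to someone who reads it.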
@@ -0,0 +1,41 @@
+# == Class: ssl_cert_check
+#
+class ssl_cert_check(
+ $domainlist_file = '',
+ $email = '',
+ $days = ''
+) {
+ package { 'ssl-cert-check':
+ ensure => present,
+ }
+
+ file {'/var/lib/certcheck':
+ ensure => directory,
+ owner => 'certcheck',
+ group => 'certcheck',
+ mode => '0755',
+ require => User['certcheck'],
+ }
+
+ group { 'certcheck':
+ ensure => present,
+ }
+
+ user { 'certcheck':
+ ensure => present,
+ home => '/var/lib/certcheck',
+ shell => '/bin/bash',
+ gid => 'certcheck',
+ managehome => true,
+ require => Group['certcheck'],
+ }
+
+ cron { 'check ssl certificates':
+ user => 'certcheck',
+ command => "ssl-cert-check -a -q -f ${domainlist_file} -x ${days} -e ${email}",
+ hour => '12',
+ minute => '04',
+ }
+}
+
+# vim:sw=2:ts=2:expandtab:textwidth=79
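Review bot: `$domainlist_file`, `$email` and `$days` all default to `''` and are interpolated unquoted into the cron `command`, so declaring the class without arguments still installs a daily job whose `-f`, `-x` and `-e` options have no values, and a value containing whitespace or shell metacharacters would be re-split by the shell that cron runs the line through. Make the parameters mandatory by dropping the defaults, or guard the top of the class with `if $domainlist_file == '' or $email == '' or $days == '' { fail('ssl_cert_check: domainlist_file, email and days must be set') }`. Separately, the `certcheck` account exists only to run this job but is given `shell => '/bin/bash'` and is not marked `system => true`; a non-login shell would be closer to least privilege, provided cron on the target platform still runs jobs for such an account. The cron resource also has no `require => Package['ssl-cert-check']`, so ordering against the package install is left implicit.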