SSL Certificate Checker
Inspect SSL/TLS certificates for any domain, including issuer, validity period, SANs and chain depth.
About the SSL Certificate Checker
SSL/TLS certificates are the foundation of secure web communications. They serve two purposes: they encrypt data in transit between a visitor's browser and your web server, and they verify that your server is genuinely who it claims to be. An expired, misconfigured, or untrusted certificate causes browser security warnings, breaks API connections, and damages visitor trust.
What this tool checks
- Validity period — Whether the certificate is currently within its valid date range and has not expired, plus the exact expiry date and days remaining.
- Issuer and trust chain — The Certificate Authority (CA) that issued the certificate (e.g. Let's Encrypt, DigiCert, Sectigo, Amazon Trust Services) and whether the full chain of trust is correctly configured.
- Domain coverage — Which domains the certificate is valid for, including wildcard entries (
*.example.com) and Subject Alternative Names (SANs). - Protocol and cipher support — Which TLS versions the server accepts (TLS 1.2, TLS 1.3) and whether outdated protocols (TLS 1.0 / 1.1) are still enabled.
- HSTS — Whether HTTP Strict Transport Security is set, instructing browsers to always use HTTPS.
Common SSL/TLS problems
- Expired certificate — The most common issue. Let's Encrypt certificates expire every 90 days; ensure auto-renewal (via certbot or similar) is correctly configured.
- Incomplete chain — If intermediate (CA) certificates are missing, many browsers and API clients will refuse to trust the connection even if the domain certificate itself is valid.
- Name mismatch — The certificate is issued for a different domain than the one being accessed (e.g. certificate for
example.combut visitingwww.example.comwithout a wildcard). - Self-signed certificate — Certificates not issued by a trusted CA. Acceptable on internal systems but will always show browser warnings to public visitors.
- Weak protocols — TLS 1.0 and 1.1 are deprecated and considered insecure. Modern servers should only accept TLS 1.2 and 1.3.
For a quick check of just the expiry date without the full certificate details, use the SSL Expiry Checker.
Frequently asked questions
What information does this show?
The tool shows certificate subject, issuer (CA), validity dates, days remaining, SANs, signature algorithm, serial number and chain depth.
What is an expired SSL certificate?
An expired certificate is past its validity end date. Browsers will show security warnings and may block access until renewal.
What are SANs?
SANs (Subject Alternative Names) are additional domain names covered by the same certificate, such as www.example.com and api.example.com.