SSL Expiry Checker
Check when an SSL certificate expires and how many days remain before you need to renew it.
About SSL Certificate Expiry
SSL/TLS certificates have a fixed validity period — currently capped at 398 days by major browsers. When a certificate expires, browsers display a security warning that prevents most users from accessing the site. Monitoring certificate expiry is a routine but critical operations task.
Certificate lifetimes and auto-renewal
Let's Encrypt certificates expire after 90 days and are typically configured to auto-renew at 60 days remaining. Commercial certificates are usually issued for 1 year. The 90-day cycle encourages automation — manual renewal of short-lived certificates is impractical at scale.
Why certificates expire unexpectedly
- Auto-renewal failed silently (ACME challenge blocked by firewall, incorrect DNS, or expired account)
- Certificate was installed on one server but not renewed on all load balancer nodes
- The domain or server was forgotten after a migration
- Certificate was purchased through a third party and renewal notifications went to a defunct email address
Best practices
- Set calendar reminders at 30 days and 7 days before expiry for any manually managed certificates
- Use automated monitoring — this tool is for quick manual checks; production monitoring should alert automatically
- After any renewal, verify the new certificate is live and the chain is complete
For a full certificate chain inspection including cipher suites and TLS version support, use the SSL Certificate Checker.