Guide
This free SSL checker tells you whether a domain's HTTPS certificate is valid: who issued it, when it expires (with days remaining), which hostnames it covers, and whether browsers will trust it. Enter a domain and get a clear verdict — valid, expiring soon, or problem — with each issue explained.
How to check an SSL certificate
- Paste a domain or URL (e.g.
example.com— the hostname is extracted automatically). - Click "Check". Our server opens one TLS connection to port 443 and reads the certificate metadata only.
- Read the verdict badge first, then the details: issuer, validity window, covered hostnames, and the certificate chain.
What the verdicts mean
| Verdict | Meaning | What to do |
|---|---|---|
| Valid | Trusted chain, hostname covered, not close to expiry | Nothing — you're good |
| Expiring soon | Less than 30 days remain | Confirm auto-renewal works before the deadline |
| Problem | Expired, hostname not covered, or untrusted chain | Fix before visitors see browser warnings |
Example
Checking yourcompany.com might show: issued by Let's Encrypt, valid for another 58 days (green badge), covering yourcompany.com and www.yourcompany.com, negotiated over TLSv1.3 — a healthy setup with auto-renewal working. The same check on a forgotten subdomain might return "Expired 12 days ago", telling you exactly what visitors have been seeing.
Common problems this catches
- Expired certificate — renewal automation silently broke; browsers show a full-page warning.
- Hostname mismatch — the certificate covers
example.combut not theshop.example.comyou serve. - Missing intermediate certificate — works in some browsers, fails in others and in many API clients.
Related lookups
- Where does the domain resolve, and who hosts it? → DNS lookup
- Who owns the domain, and when does the registration expire? → WHOIS lookup
Limitations
- The check connects to port 443 only; certificates on non-standard ports are not inspected.
- One certificate is read per check — SNI is used, so the certificate for the exact hostname you enter is what gets verified.


