SSL Certificate Checker
Instantly verify SSL/TLS certificate validity, expiry date, issuer, and Subject Alternative Names for any HTTPS website.
Enter any HTTPS URL to inspect its SSL/TLS certificate — issuer, expiry date, days remaining, protocol version, and Subject Alternative Names.
What is SSL Certificate Checker?
SSL Certificate Checker connects directly to your server and inspects the SSL/TLS certificate in real time — no third-party APIs, no caching. It shows the issuer (Certificate Authority), the domains covered by the certificate (SANs), the exact expiry date, days remaining, TLS protocol version, and whether the certificate is self-signed.
An expired or misconfigured SSL certificate causes browsers to show security warnings, drops organic traffic, and can tank your SEO rankings because Google uses HTTPS as a ranking signal. Use this tool before launches, after certificate renewals, or as part of a regular website health check.
Common Use Cases
- Verifying SSL certificate is valid and not expired before a launch
- Checking how many days are left before certificate renewal is needed
- Confirming which domains are covered by a wildcard or multi-domain certificate
- Diagnosing SSL errors and mixed content warnings on a website
- Auditing TLS protocol version for security compliance
How to Use SSL Certificate Checker
- Enter the full HTTPS URL of the website you want to check (e.g. https://example.com).
- Click 'Check SSL' — the tool connects directly to the server and reads the certificate.
- Review the certificate details: issuer, expiry date, days remaining, and covered domains.
Related Tools
Test LCP, CLS, INP, FCP, and TTFB for mobile and desktop — powered by Google PageSpeed Insights.
Trace the full redirect chain for any URL and see each HTTP status code.
Inspect the HTTP response headers of any URL — cache policy, security headers, content encoding, and more.
FAQ
Why does Google care about SSL certificates?
Google has used HTTPS as a ranking signal since 2014 and Chrome marks HTTP sites as 'Not Secure'. An expired or invalid SSL certificate causes browser warnings that drive visitors away and signal to Google that the site may be untrustworthy. Sites without valid SSL typically rank lower than equivalent HTTPS alternatives.
What does 'self-signed certificate' mean?
A self-signed certificate is one that was not issued by a trusted Certificate Authority (CA) — the website signed its own certificate. Browsers do not trust self-signed certificates by default and show security warnings. For any public-facing website, you need a certificate from a trusted CA like Let's Encrypt, DigiCert, or Sectigo.
How early should I renew my SSL certificate?
Best practice is to renew at least 30 days before expiry. Most automated systems (like Let's Encrypt's Certbot) renew at 60 days remaining. Waiting until the last minute risks service disruption if renewal fails — browsers immediately block access to sites with expired certificates.
What are Subject Alternative Names (SANs)?
SANs are the list of domain names that a single SSL certificate covers. A wildcard certificate for *.example.com covers all subdomains. A multi-domain (SAN) certificate can list multiple unrelated domains. The checker shows all SANs so you can verify your certificate covers every domain and subdomain you need.
What is TLS and how is it different from SSL?
TLS (Transport Layer Security) is the modern, secure version of the older SSL (Secure Sockets Layer) protocol. SSL 2.0 and 3.0 are deprecated and insecure. TLS 1.2 is the current minimum standard; TLS 1.3 is the recommended version. The checker reports which protocol version your server uses.