The SSL Certificate Checker connects to any domain and retrieves its SSL/TLS certificate, reporting everything you need to know at a glance: whether it is valid, how many days until expiry, who issued it, which domains it covers (SANs), the key type and size, and the chain length. It also attempts certificate verification and reports the specific error if validation fails — useful for diagnosing expired, self-signed, or mismatched certificates.
1. Enter a domain name (e.g. example.com) — no https:// needed.
2. To check a non-standard port, add it after a colon: example.com:8443.
3. Click Check Certificate or press Enter.
4. Results show validity status, expiry date with days remaining, issuer, all SANs, and technical details.
What does this tool check?
It connects to your domain on port 443 (or a custom port), retrieves the SSL/TLS certificate, and reports: validity status, expiry date and days remaining, the issuing certificate authority, the subject CN, all Subject Alternative Names (SANs), the key type and size, signature algorithm, and chain length.
What is a Subject Alternative Name (SAN)?
A SAN is an additional domain or subdomain that a certificate is valid for. Modern certificates use SANs rather than the CN to list all covered domains. A wildcard SAN like *.example.com covers all immediate subdomains. This tool lists all SANs so you can confirm your certificate covers the domains you need.
My certificate shows as invalid — why?
Common reasons include: the certificate is expired, the domain does not match any SAN on the certificate, the certificate is self-signed and not trusted by a public CA, or the intermediate certificate chain is incomplete. The tool reports the specific verification error to help you diagnose the issue.
How many days before expiry should I renew?
Most CAs recommend renewing at 30 days remaining. If you use Let's Encrypt with auto-renewal (certbot), it renews at 30 days automatically. Waiting too long risks the certificate expiring before the renewal processes, which causes browser warnings for all visitors.
Can I check a non-standard port?
Yes — enter the domain with a colon and port number, such as example.com:8443. The default is port 443.