Inspect SSL/TLS certificate validity, issuer, and security configuration
• Domain: enter a bare domain without https:// (e.g. example.com)
• Checks HTTPS certificate validity and expiry
• Shows certificate issuer and validity period
An SSL certificate check connects to your domain over TLS, retrieves the full certificate chain, and reports the leaf certificate's issuer, validity window, expiry countdown, and a deep-audit security grade covering cipher suite, OCSP revocation status, TLS protocol support, and embedded SCTs. A single check gives you both the basic validity picture and the detailed security posture of your HTTPS endpoint.
Common uses include confirming a newly issued certificate is deployed correctly, monitoring days-to-expiry before an outage, verifying the certificate issuer after a CA migration, and identifying deprecated TLS versions or weak key algorithms in a security review.
The certificate's Subject Alternative Names do not include the domain you checked. Browsers will show a security warning for such connections. Reissue the certificate with the correct names or check that you're using the right domain.
Renewing 30 days before expiry is a common practice. Let's Encrypt certificates are often auto-renewed 60 days before expiry. The expiry countdown shown here makes it easy to track this.
OCSP (Online Certificate Status Protocol) lets browsers check whether a certificate has been revoked by its CA. A 'good' status means the certificate has not been revoked; 'revoked' means the CA has invalidated it and the connection should not be trusted.
Self-signed certificates are not issued by a trusted CA, so browsers show security warnings. They are fine for internal or development use, but public-facing services should use a CA-issued certificate.