All tools
Security tools

SSL Certificate Checker

Check any domain's SSL certificate — expiry date, days remaining, issuer, SANs and signature algorithm — in seconds.

Expiry & days left Issuer & CA SANs (up to 20) Signature algorithm Serial number
Get started free Sign in

Free · No credit card · 50 credits/day

What you get from every check

📅

Expiry date & days remaining

The exact date the certificate expires and a countdown of days left. Negative = already expired. Flag anything under 30 days for immediate renewal.

🏢

Issuer & Certificate Authority

The organisation that issued the certificate — Let's Encrypt, DigiCert, Sectigo, Comodo, etc. — and their Common Name.

🌐

Subject Alternative Names

Every domain name the certificate covers, including wildcard entries like *.example.com. Up to 20 SANs shown.

🔐

Signature algorithm

The algorithm used to sign the certificate — typically SHA256withRSA. MD5 and SHA-1 signatures are deprecated and flag a security warning.

🔢

Serial number

The unique hex identifier assigned by the CA. Useful for identifying a specific certificate when checking revocation lists (CRL/OCSP).

Valid / expired status

A clear valid or expired flag based on the current date vs the certificate's not-after date.

DV, OV and EV certificates

Three validation levels — same encryption, different identity assurance.

Type Validates Issuance time Best for
DV
Domain Validation
Domain control only Minutes Personal sites, blogs, Let's Encrypt
OV
Organisation Validation
Domain + org identity 1–3 days Business websites, SaaS
EV
Extended Validation
Strict legal entity vetting 1–5 days Banks, e-commerce, high-trust sites

All three types provide the same TLS encryption — they differ only in how much identity information the CA has verified.

⏰ When to renew

30+ days
All good
14–30 days
Schedule renewal
1–14 days
Renew now
0 / expired
Site broken

Let's Encrypt auto-renews at 30 days. For paid certs, set a calendar reminder at 30 days — most CAs take 1–3 days to reissue.

Frequently asked questions

How do I check if my SSL certificate is expired?

Enter your domain name in the SSL Certificate Checker. The tool connects to port 443, retrieves the certificate and shows the expiry date and days remaining. A negative number means the certificate has already expired.

What are Subject Alternative Names (SANs)?

Subject Alternative Names list all domain names a certificate is valid for. A certificate for example.com might also cover www.example.com and api.example.com in its SAN list. Wildcard entries like *.example.com cover all immediate subdomains.

How early should I renew my SSL certificate?

Renew at least 30 days before expiry. Let's Encrypt certificates expire every 90 days and are typically auto-renewed at 30 days remaining. An expired certificate causes browser warnings and blocks all HTTPS traffic.

What is the difference between DV, OV and EV certificates?

DV (Domain Validation) only proves you control the domain — issued in minutes, used by Let's Encrypt. OV (Organisation Validation) additionally verifies your organisation identity. EV (Extended Validation) has the strictest vetting. All three provide the same TLS encryption.

Related security tools

More tools to audit your site's security posture.

Security Headers Checker

Audit HTTP security headers — HSTS, CSP, X-Frame-Options and more.

DNS Lookup

Query A, AAAA, MX, TXT, CNAME, NS and SOA records for any domain.

CORS Tester

Check whether a URL returns the correct CORS headers for cross-origin requests.

Check a certificate now

Free account. 50 credits per day. Access to 75+ tools instantly.

Create free account →