SSL Certificate Checker

Enter any domain to check its SSL certificate details, expiry status, issuer, and Subject Alternative Names.

Certificate data is sourced from Certificate Transparency logs via crt.sh.

What are SSL/TLS certificates?

SSL/TLS certificates are digital documents that authenticate a website's identity and enable encrypted connections between browsers and servers. When you see the padlock icon in your browser's address bar, the site has a valid certificate and the connection is encrypted.

Technically, "SSL" refers to the older protocol — modern implementations use TLS (Transport Layer Security). The terms are often used interchangeably, but TLS 1.2 and 1.3 are the current standards.

Why certificates matter

  • Encryption — prevents eavesdropping on data in transit (passwords, credit cards, API keys)
  • Authentication — proves the server is who it claims to be, preventing man-in-the-middle attacks
  • Trust — browsers show warnings for invalid or expired certificates, which erodes user trust
  • SEO — search engines favour HTTPS sites over HTTP
  • Compliance — PCI DSS, HIPAA, and other standards require encrypted connections

Certificate expiry

Certificates have a fixed validity period. When a certificate expires, browsers display a prominent warning that deters visitors. Most certificates today are issued for 90 days (Let's Encrypt) or up to 398 days (commercial CAs). Google has proposed reducing maximum validity to 90 days across all CAs.

Best practices for managing certificate expiry:

  • Set up automated monitoring to alert when certificates are within 30 days of expiry
  • Use automated renewal tools like Certbot, which handle Let's Encrypt certificates automatically
  • Keep a certificate inventory for all domains and subdomains
  • Test renewal processes regularly — don't find out they're broken when the cert expires

Let's Encrypt

Let's Encrypt is a free, automated Certificate Authority that has issued billions of certificates since launching in 2016. It issues Domain Validation (DV) certificates with 90-day validity, encouraging automated renewal. If you see "R3", "R10", or "R11" as the issuer, the certificate is from Let's Encrypt.

Subject Alternative Names (SANs)

A SAN (Subject Alternative Name) is a certificate extension that allows a single certificate to cover multiple domain names. For example, a certificate for example.com might also list www.example.com, api.example.com, and mail.example.com as SANs. This is more efficient than issuing separate certificates for each subdomain.

Wildcard certificates (e.g. *.example.com) cover all subdomains at one level but not the apex domain itself — they typically include both *.example.com and example.com as SANs.

Certificate Transparency

This tool uses Certificate Transparency (CT) logs to find certificates. CT is a public framework that requires Certificate Authorities to log every certificate they issue to publicly auditable logs. This means you can discover all certificates ever issued for a domain — useful for security auditing, detecting unauthorized certificates, and tracking certificate history.