๐Ÿฆฆ
AnotterToolbox
๐Ÿ”’

SSL Certificate Checker

Check SSL certificate validity and expiry

๐Ÿ’ก SSL data is fetched via a public certificate transparency API. Results reflect publicly visible certificate information.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over the internet. When a website has SSL/TLS, all data transmitted between the visitor's browser and the server is encrypted โ€” protecting passwords, personal information, and any other sensitive data from interception.

The padlock icon in your browser's address bar indicates an active SSL/TLS connection. The https:// prefix (as opposed to http://) indicates the site uses encryption.

How to use the SSL Checker

  1. Enter a domain name (without https://) โ€” for example google.com or anottertoolbox.dev
  2. Click "Check SSL" โ€” the tool fetches certificate information from public certificate transparency logs
  3. Review the results โ€” you'll see whether the certificate is valid, how many days until expiry, the issuer, and validity dates

The tool uses certificate transparency data from crt.sh, which logs all publicly trusted certificates.

Understanding the results

Days until expiry โ€” the most critical metric. Green means you have time, yellow means renewal is approaching, red means the certificate has expired or is expiring very soon.

Issuer โ€” the Certificate Authority (CA) that issued the certificate. Common CAs include Let's Encrypt (free, automated), DigiCert, Comodo/Sectigo, and GlobalSign.

Valid from / Valid to โ€” the certificate's validity window. Certificates issued after September 2020 are valid for a maximum of 398 days.

Common SSL issues and fixes

Certificate expired โ€” renew immediately. If you use Let's Encrypt, check that your auto-renewal setup (certbot or similar) is working correctly.

Certificate not trusted โ€” the certificate may be self-signed or issued by a CA not trusted by browsers. Use a certificate from a trusted CA.

Wrong domain โ€” the certificate was issued for a different domain. Ensure the certificate covers your exact domain (and www subdomain if needed).

Mixed content โ€” the page loads over HTTPS but includes HTTP resources. All resources must be served over HTTPS.

Frequently Asked Questions

What is an SSL/TLS certificate?+
An SSL/TLS certificate is a digital document that authenticates a website's identity and enables encrypted connections. It contains the domain name, the certificate authority (CA) that issued it, the validity period, and a public key used for encryption. When you see the padlock icon in your browser, the site has a valid SSL certificate.
What is the difference between SSL and TLS?+
SSL (Secure Sockets Layer) is the older protocol, now considered insecure. TLS (Transport Layer Security) is its modern, secure replacement. Despite SSL being deprecated, the term "SSL certificate" is still commonly used colloquially for what are technically TLS certificates. All modern sites use TLS 1.2 or 1.3.
What happens when an SSL certificate expires?+
When a certificate expires, browsers display a security warning to visitors and block access to the site by default. Search engines may also lower the site's ranking. Most browsers show a full-page warning with options to go back or proceed at your own risk. It's critical to renew certificates before they expire.
How often do SSL certificates need to be renewed?+
As of 2020, SSL certificates are issued for a maximum of 398 days (about 13 months). Many providers offer 90-day certificates (like Let's Encrypt) with automated renewal. It's best practice to renew at least 30 days before expiry to avoid outages.
What is a wildcard SSL certificate?+
A wildcard certificate covers a domain and all its immediate subdomains. A certificate for *.example.com covers www.example.com, mail.example.com, app.example.com, etc., but not sub.subdomain.example.com. Wildcard certificates are convenient for organizations with many subdomains.
What is certificate transparency?+
Certificate Transparency (CT) is an open framework for monitoring SSL certificates. All publicly trusted CAs are required to log issued certificates to public CT logs. This allows anyone to monitor certificates issued for their domains and detect unauthorized certificates. Our tool uses CT log data from crt.sh.
What is the difference between DV, OV, and EV certificates?+
DV (Domain Validation) certificates verify only that the applicant controls the domain โ€” they're quick and free (Let's Encrypt). OV (Organization Validation) certificates verify the organization's identity โ€” requires documentation. EV (Extended Validation) certificates require rigorous vetting and used to show a green bar in browsers, though most browsers have removed this visual distinction.
ssltlscertificatehttpsssl checkercert expiry