SSL Certificate Checker

What this checker tells you (and what to look for)

An SSL certificate has a fixed expiry date, and the only warning you get is the one you set up yourself. Most certificates from Let's Encrypt last 90 days. Commercial certificates typically run for one year. Once the certificate expires, browsers show a full-page warning that most visitors won't click through — they'll just leave.

This checker shows the issuer, expiry date, days remaining, signature algorithm, and Subject Alternative Names (SANs). The number to watch is days remaining. Under 30 days means renewal should already be in progress. Under 14 means something is probably stuck — an expired payment method, a DNS validation that can't complete, or an auto-renewal process that failed silently.

SANs and why they matter

The Subject Alternative Names list shows every domain the certificate covers. A certificate issued for example.com might also cover www.example.com, api.example.com, and staging.example.com. If you've recently added a subdomain and it's not in the SAN list, that subdomain is either using a separate certificate or has no valid certificate at all — which means browsers will flag it as insecure.

From one-time check to continuous monitoring

Running a manual check tells you the state right now. But certificates expire on a schedule, and the failure mode is always the same: everything works fine until the day it doesn't, and then every visitor sees a browser warning. SSL certificate monitoring checks automatically and alerts you weeks before expiry — so the renewal has time to complete or fail loudly enough to fix. If you manage more than a few domains, the difference between a manual check and continuous monitoring is whether you find out before or after your users do.