SSL Certificate Checker
Look up the live TLS certificate a public domain presents on port 443 and see its issuer, subject, validity window, days until expiry, and listed hostnames.
How to use this tool
- 1
Type a domain or URL into the input box, for example example.com or https://example.com.
- 2
Click Analyze to open a TLS connection to that host on port 443 and fetch its certificate.
- 3
Read the subject and issuer panels, then check the Valid from, Valid to, and Days remaining boxes.
- 4
Scan the SAN line to confirm the certificate actually covers the hostname you queried.
How does checking an SSL certificate over port 443 work?
When a browser connects to an HTTPS site, the server completes a TLS handshake and presents an X.509 certificate that binds its public key to one or more hostnames, signed by a Certificate Authority. This tool reproduces the start of that handshake: it opens a TLS connection to the domain you enter on port 443, sends the hostname as the SNI (Server Name Indication) value so virtual-hosted servers return the right certificate, and reads the leaf certificate the server offers. From that certificate it extracts the subject (who the cert is issued to), the issuer (the signing CA), the not-before and not-after dates, and the subjectAltName (SAN) list of covered hostnames. Days remaining is computed by subtracting the current server time from the not-after date and flooring to whole days. Certificates are time-bound by design: Let's Encrypt issues 90-day certs meant for automated renewal, while many commercial CAs cap validity around 398 days. An expired or hostname-mismatched certificate makes browsers block the page with a full-screen warning, so watching the expiry date is the practical point of a check like this.
Common use cases
Confirm a newly issued or renewed certificate is actually live on the server before announcing a launch.
Catch a certificate that is within 30 days of expiry (the tool flags it in red) so you can renew before users hit warnings.
Verify the SAN list includes every subdomain you serve, such as www and api, after editing a multi-domain cert.
Check which Certificate Authority signed a third-party or vendor endpoint you depend on.
Spot-check that an automated renewal job (for example Let's Encrypt via certbot) actually swapped in the new certificate.
Read the exact valid-from and valid-to timestamps when debugging a clock-skew or not-yet-valid certificate error.
Frequently asked questions
Does this tool run in my browser or on the server?▼
Which hosts can I check?▼
What does Days remaining mean and when does it turn red?▼
What is the SAN field?▼
Why might a lookup fail or time out?▼
Does it validate the full certificate chain or revocation?▼
Related tools
DNS Lookup
Look up DNS records (A, AAAA, MX, TXT, NS) for any domain.
WHOIS Lookup
Get full WHOIS data for any domain.
HTTP Header Analyzer
Inspect HTTP response headers and security signals.
HTTP Status Code Checker
Check status code of any URL — single or bulk.
Redirect Chain Tracer
Follow every hop in a redirect chain.
Mixed Content Checker
Find HTTP resources loaded on HTTPS pages.