Use this SSL Certificate Checker to verify a domain’s SSL/TLS certificate in seconds. It helps you confirm the certificate is valid, not expired, issued by a trusted CA, and correctly configured for the hostname your users visit. If your site shows browser warnings (expired certificate, connection not private, name mismatch), this tool helps you pinpoint the cause fast.
For best results, test the exact hostname your users access (example.com vs www.example.com) and confirm the certificate covers both via SAN. If your server uses SNI or hosts multiple sites on one IP, use the hostname override to ensure the correct certificate is returned.
SSL Certificate Checker
Check a domain’s SSL/TLS certificate (expiry, issuer, chain, hostname match, and security details).
What this SSL checker validates
- Certificate expiry date and remaining days
- Issuer and subject details
- Hostname match (CN/SAN coverage)
- Certificate chain (leaf, intermediates, root) as presented
- Negotiated TLS protocol and cipher (for this connection)
How to check an SSL certificate
- Enter a hostname (example.com) or full URL (https://example.com)
- Choose port (default 443)
- Click Check SSL
- Review validity, expiry, issuer, hostname match, and chain
- Fix issues and re-check after changes
Common SSL issues and how to fix them
| Problem | Typical cause | Fix |
|---|---|---|
| Certificate expired | Renewal not done | Renew certificate and reload server |
| Name mismatch | Cert doesn’t cover hostname | Issue cert with correct SANs |
| Incomplete chain | Missing intermediate | Install fullchain/bundle |
| Handshake failure | TLS/cipher config | Enable modern TLS versions/ciphers |
| Wrong cert served | SNI or vhost config | Use SNI and confirm correct vhost bindings |
Frequently Asked Questions
How do I check when my SSL certificate expires?
Enter the hostname (example.com) and run a check. The tool shows the Valid To date and an expiry countdown (with warnings at 30/14/7 days).
What is a certificate chain and why does it matter?
A chain is the leaf certificate plus intermediate certificates up to the root CA. Missing intermediates can cause browser trust errors even if the leaf certificate is valid.
Why do I get NET::ERR_CERT_COMMON_NAME_INVALID?
That error usually means the certificate doesn’t cover the hostname you’re visiting (CN/SAN mismatch). Check www vs root domain and make sure SAN includes the exact hostnames.
What does “incomplete chain” mean?
Your server is not sending required intermediate certificates. Install the full chain bundle (often called fullchain.pem) and re-test.
What is SAN in an SSL certificate?
SAN (Subject Alternative Names) is the list of hostnames the certificate is valid for. Modern browsers validate hostnames against SAN, not just the CN field.
What is SNI and why does it affect which certificate is returned?
SNI lets multiple domains share one IP. If SNI is missing or wrong, the server may return a default certificate. Use the SNI/hostname override for multi-cert hosts.
What is the difference between SSL and TLS?
TLS is the modern protocol. “SSL” is commonly used as shorthand, but most servers use TLS 1.2/1.3 today.
Does this tool check TLS versions (1.0–1.3)?
This checker shows the negotiated protocol and cipher for the connection. Full protocol scanning can be added later.
How do I fix mixed content after enabling HTTPS?
Update page resources (scripts/images/styles) to load over https://, and fix any hard-coded http:// URLs.
How often should I check my certificate?
At least monthly and after changes to hosting/CDN/WAF. Also check before renewal windows (30/14/7 days).
Related tools
- WHOIS Lookup — check domain registration details
- DNS Records Lookup — verify A/AAAA/CNAME/MX before SSL setup
- Website Status Checker — confirm the site is reachable
- Hash Generator — verify file integrity after downloads