SSL Certificate Check
SSL Certificate Check
Inspect SSL/TLS certificates, expiry, issuer chain, and configuration.
Enter a domain above to inspect its SSL certificate
About this tool
- How often should I renew my SSL certificate?
- Let's Encrypt certificates expire every 90 days. Certificates from commercial CAs typically expire after 1–2 years. Set up auto-renewal (e.g. via certbot or your hosting panel) to avoid unexpected outages.
- What is a Subject Alternative Name (SAN)?
- A field in the certificate that lists additional domain names and subdomains the certificate covers. Modern certificates use SANs instead of (or in addition to) the Common Name field.
- What does 'chain depth' mean?
- The number of certificates in the trust chain from your end-entity certificate up to a root CA. A depth of 1 means a root-signed certificate (unusual); depth of 2 is typical for modern CAs using an intermediate.
- What TLS versions should I support?
- TLS 1.2 and 1.3 are current. TLS 1.0 and 1.1 are deprecated and should be disabled — most browsers and mail clients no longer accept them.