SSL Certificate Check

SSL Certificate Check

Inspect SSL/TLS certificates, expiry, issuer chain, and configuration.

Enter a domain above to inspect its SSL certificate

About this tool

How often should I renew my SSL certificate?
Let's Encrypt certificates expire every 90 days. Certificates from commercial CAs typically expire after 1–2 years. Set up auto-renewal (e.g. via certbot or your hosting panel) to avoid unexpected outages.
What is a Subject Alternative Name (SAN)?
A field in the certificate that lists additional domain names and subdomains the certificate covers. Modern certificates use SANs instead of (or in addition to) the Common Name field.
What does 'chain depth' mean?
The number of certificates in the trust chain from your end-entity certificate up to a root CA. A depth of 1 means a root-signed certificate (unusual); depth of 2 is typical for modern CAs using an intermediate.
What TLS versions should I support?
TLS 1.2 and 1.3 are current. TLS 1.0 and 1.1 are deprecated and should be disabled — most browsers and mail clients no longer accept them.