SSL certificate checker
See a host's TLS certificate issuer, validity dates, and days until it expires.
Expired TLS certificates take sites down and scare away visitors. Enter a hostname and we read its served certificate and show the issuer, common name, valid-from and valid-to dates, and the number of days remaining — so you can renew before it lapses.
Frequently asked questions
How early should I renew a certificate?
Renew at least two weeks before expiry. SJ Monitor can watch a certificate for you and alert you automatically as the date approaches.
Does this check the full chain?
This tool reports the leaf certificate served by the host. Use the SSL chain checker to verify intermediates, and SJ Monitor's SSL monitoring to track expiry continuously.
Why does my certificate look valid here but browsers warn?
The leaf can be valid while an intermediate is missing, the name doesn't match (check the SANs), or the system clock is wrong. A browser validates the whole chain and hostname, not just the leaf this tool reads.
How long are certificates valid these days?
Public TLS certificates max out at about 398 days, and the industry is moving toward much shorter lifetimes. Short validity is exactly why automated renewal and expiry monitoring matter.
What is the difference between a wildcard and a SAN certificate?
A wildcard like *.example.com covers all direct subdomains of one level, while a SAN (multi-domain) certificate lists specific hostnames explicitly. Wildcards don't cover nested subdomains or the bare apex unless it's listed separately.
Does a self-signed certificate work for HTTPS?
It encrypts traffic but isn't trusted by browsers, so visitors see a warning. For public sites use a certificate from a trusted CA; self-signed certs are fine only for internal or testing use.
More SSL/TLS & security tools tools
Want this checked automatically and around the clock? Create a free SJ Monitor account and we'll alert you the moment something changes.