Skip to content

SSL Certificate Checker

Check SSL/TLS certificate details and validity for any domain

Your SSL Cert Expired and Now Nobody Can Reach Your Site

It’s Monday morning. Your site’s down. Users see a full-screen browser warning saying the connection isn’t secure. Chrome won’t even let them click through to the page. Your Let’s Encrypt certificate expired over the weekend because the auto-renewal cron job broke and nobody noticed.

This happens more often than anyone admits. Let’s Encrypt issues 90-day certificates, so they renew frequently. If your renewal process fails silently, you’ve got about 30 days before everything goes dark.

Check any domain’s SSL certificate here. You’ll see the issuer, validity dates, days until expiry, subject alternative names (which domains the cert covers), key size, and a clear status banner: valid, expiring soon (within 30 days), or expired.

What to Look For

Days until expiry. If it’s under 30, something might be wrong with your auto-renewal. If it’s under 7, drop everything and fix it.

Subject Alternative Names (SANs). Your cert covers example.com and www.example.com, but what about api.example.com? If the API subdomain isn’t in the SAN list, it needs its own certificate.

Issuer. Let’s Encrypt certs are fine for most purposes. But if you need Extended Validation (the green bar that some browsers used to show), you need a cert from DigiCert, Comodo, or similar commercial CAs.

Key size. RSA 2048-bit is the current minimum. If you see 1024-bit, that cert was issued years ago and needs replacement — 1024-bit RSA is considered cryptographically weak.

Avoiding the Outage

Check monthly. Put a calendar reminder. It takes 10 seconds.

Test after renewal changes. Switched hosting providers? Migrated to Cloudflare? Changed your Nginx config? Check the cert immediately after any infrastructure change.

Monitor your wildcard certs. A wildcard cert (*.example.com) covers subdomains, but it doesn’t cover the root domain (example.com) unless the root is explicitly in the SAN list. People get burned by this regularly.

Verify after adding subdomains. You added staging.example.com. Does your cert cover it? If it’s a Let’s Encrypt cert, you might need to re-issue with the new subdomain included.

When an SSL cert expires, it’s not just an inconvenience. Search engines downrank sites with certificate issues. Users lose trust. E-commerce sites lose revenue. The fix is usually simple (renew the cert), but the impact of missing it is outsized.

The HTTP Headers Analyzer checks security headers on your responses. The DNS Lookup verifies your domain’s DNS records. The URL Availability Checker confirms whether the site is responding at the HTTP level.

network ssl tls certificate security

Related Tools

More in Network Tools