Free Online SSL Certificate Checker
Check SSL/TLS certificate details, expiry dates, and coverage for any domain using certificate transparency logs. Free online tool.
100% Client-Side · Your data never leaves your browser
How to Use SSL Certificate Checker
Enter any domain name (e.g., example.com) in the input field and click Check SSL or press Ctrl/Cmd+Enter.
The tool queries crt.sh, a public database of certificate transparency logs. It returns:
- Current certificate card — common name, issuer, validity period, and a color-coded expiry badge (green = >30 days, amber = 7–30 days, red = <7 days or expired).
- Covered domains (SANs) — all domain names the certificate is valid for, displayed as tags.
- Certificate history — a collapsible table showing all logged certificates for the domain, useful for auditing past issuances.
Note: this tool shows certificates that have been logged to CT logs. It does not perform a live TLS handshake with the server.
Frequently Asked Questions
What is an SSL/TLS certificate?
An SSL/TLS certificate is a digital document that authenticates a website's identity and enables encrypted connections. It contains the domain name, issuing authority, validity period, and public key. Modern browsers show a padlock icon when a valid certificate is present.
What are certificate transparency logs?
Certificate Transparency (CT) is a public framework that requires certificate authorities to log every certificate they issue to publicly auditable logs. This allows anyone to monitor for misissued or fraudulent certificates. This tool queries crt.sh, which aggregates these logs.
What are SAN domains?
SAN stands for Subject Alternative Name. A single certificate can cover multiple domains listed as SANs — for example, a certificate for example.com might also cover www.example.com and api.example.com. This is standard practice for modern TLS certificates.
What is a wildcard certificate?
A wildcard certificate covers a domain and all its immediate subdomains using an asterisk (*). For example, *.example.com covers mail.example.com, api.example.com, and any other first-level subdomain, but not sub.api.example.com.
How early should I renew an SSL certificate?
Most certificate authorities recommend renewing at least 30 days before expiry. This tool highlights certificates expiring in under 30 days in amber and those expiring in under 7 days (or already expired) in red. Automated tools like Let's Encrypt renew 30 days before expiry by default.
What is Let's Encrypt?
Let's Encrypt is a free, automated, open certificate authority operated by the Internet Security Research Group (ISRG). It issues 90-day certificates and provides the Certbot tool to automate renewal. It's now the world's largest certificate authority by issuance volume.
How is this different from a live SSL check?
This tool queries certificate transparency logs (via crt.sh), which show certificates that have been issued and logged. It does not establish a live TLS connection to the server, so it cannot check the certificate currently being served or validate the chain of trust in real time.