$ ssl
SSL Certificate Checker
Free, no signup. Runs from our distributed probes — see how your certificate looks from different parts of the world.
What is an SSL certificate check?
The checker connects to your host over TLS, retrieves the certificate chain and validates it: expiration date, hostname match, chain completeness and protocol.
Expired and misconfigured certificates are among the most avoidable outages on the internet — the browser warning your users see is fully predictable weeks in advance.
How to read the results
- Days to expiry is the number that matters most — renew well before it reaches zero, and automate the renewal if you can.
- A hostname mismatch means the certificate was issued for a different domain — usually a misrouted virtual host or a missing SAN entry.
- An incomplete chain can work in some browsers and fail in others, because some clients fetch missing intermediates and some don't. That's why it deserves an explicit check.
Questions
FAQ
My browser says the site is fine but the check reports a problem. Why?
Browsers cache intermediate certificates and can silently repair an incomplete chain. Stricter clients — curl, mobile apps, old devices — fail on the same site. The check shows the raw truth.
When should I renew a certificate?
At least 30 days before expiry. That leaves room for DNS validation problems, rate limits or a forgotten deploy before users ever see a warning.
Can Qualimonitor warn me before a certificate expires?
Yes — the SSL monitor type checks your certificates on a schedule and alerts you days in advance, before the browser warning does it for you.