SSL certificate check

Check SSL certificate of any domain. No registration, result in seconds.

How the SSL check works

The tool opens a TCP connection to port 443 of the given domain and starts a TLS handshake, sending the domain name in the SNI extension - exactly what your browser does. The server responds with its certificate chain, and we read the leaf certificate without sending any application data.

From the certificate we extract the Common Name and the Subject Alternative Names (the hostnames the certificate is actually valid for), the issuing certificate authority, the validity period (Not Before / Not After) and the negotiated TLS version with its cipher suite.

The check reflects the live state: if you renewed the certificate a minute ago and the server already serves the new one, you see the new dates immediately. Note that maximum certificate lifetimes are shrinking - under the CA/Browser Forum schedule (ballot SC-081), certificates issued from March 2026 can be valid for at most 200 days, which makes automated renewal (e.g. ACME) the only practical option.

How to read the results

A green result means the handshake succeeded and the certificate matches the domain. Focus on three fields:

Common problems

Certificate valid, but the browser still complains. The server is probably not sending the full chain (missing intermediate certificate). Some clients fill the gap automatically, others fail. Configure the full chain file (fullchain.pem), not only the leaf certificate.

Certificate renewed, but the old one still shows up. The new certificate is on disk, but the web server has not loaded it yet. Reload nginx/Apache or restart the service - ACME clients usually need a deploy hook for this.

A different certificate than expected. With a CDN or proxy in front of the site you see the edge server's certificate, not your origin's. The check follows DNS, so it tests whatever the domain currently resolves to.

Frequently asked questions

How do I check when my SSL certificate expires?

Enter your domain above - the result shows the exact expiry date and the number of days left. For ongoing coverage, an uptime monitor can check the certificate daily and alert you 30, 14, 7, 3 and 1 days before expiry.

How long can an SSL certificate be valid?

Certificates issued from 15 March 2026 can be valid for at most 200 days (CA/Browser Forum ballot SC-081). The limit will keep shrinking in the coming years, which is why automated renewal via ACME is the recommended setup.

What is the difference between SSL and TLS?

TLS is the modern successor of SSL - SSL 2.0/3.0 have been deprecated for years. The name 'SSL certificate' stuck, but every current connection uses TLS, typically version 1.2 or 1.3.

Why is my certificate invalid even though it has not expired?

The most frequent causes: the hostname is not in the certificate's SAN list, the intermediate certificate is missing from the chain, the client's system clock is wrong, or the certificate was revoked. The error message in the result usually points to the exact cause.

Want to be notified 30 days before expiration?

ePulz.io checks SSL daily and notifies you by email, Telegram or Slack.

Enable SSL monitoring for free →

About this tool

This reads the TLS certificate a domain serves right now: the issuer, the exact expiry date, the hostnames it covers (SAN) and the negotiated TLS version. An expired or mismatched certificate makes browsers block the site with a warning, so check it before a renewal deadline or right after installing a new cert.