SSL Certificate Checker - Check SSL/TLS Status

Check SSL certificate validity and learn about TLS security.

Opens SSL Shopper checker in a new tab

What to Look For

Valid certificate (not expired)
Correct domain match
Trusted certificate authority
Strong key (2048-bit RSA or 256-bit ECC minimum)
TLS 1.2 or higher
Complete certificate chain

Common SSL Errors

Error Fix
ERR_CERT_DATE_INVALID Renew certificate, set up auto-renewal
ERR_CERT_COMMON_NAME_INVALID Get cert for correct domain or add SAN
ERR_CERT_AUTHORITY_INVALID Use trusted CA (Let's Encrypt is free)
ERR_SSL_PROTOCOL_ERROR Update server to support TLS 1.2+
ERR_CERT_REVOKED Request new certificate from CA
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Update server cipher configuration
NET_ERR_CERT_TRANSPARENCY Use CA that supports Certificate Transparency
SSL_ERROR_HANDSHAKE_FAILURE Check server config, ciphers, and cert chain

Certificate Types

Type Use Case
DV (Domain Validation) Blogs, small sites
OV (Organization Validation) Business websites
EV (Extended Validation) Banks, enterprise
Wildcard Multiple subdomains
SAN/Multi-Domain Microservices

How to Use This Tool

1
Enter your domain
Type any domain name to check
2
Review the results
Check validity, expiry, and chain
3
Fix any issues
Use the error reference table below
Free SSL is Now the Standard
Let's Encrypt made SSL free and automated. There's no excuse for expired certificates in 2025. Use certbot with auto-renewal and monitor expiry dates — most outages from SSL are preventable.

The Essentials

Free SSL Exists
Let's Encrypt provides free DV certificates
Auto-Renew
Certificates expire every 90 days. Automate renewal
TLS 1.2 Minimum
Disable TLS 1.0 and 1.1. Use 1.2 or 1.3
Certificate Chain
Server must send intermediate certs too
HSTS Header
Tell browsers to always use HTTPS
Mixed Content
One HTTP resource breaks the padlock

Frequently Asked Questions

What is SSL/TLS and Why Does It Matter?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt communication between browsers and servers. When you see the padlock icon in your browser's address bar, it means the connection is secured by a valid SSL/TLS certificate. Without it, data travels in plain text, vulnerable to interception and tampering.

How to Check SSL Certificates

You can check SSL certificate status in several ways: use this tool to quickly verify any domain, click the padlock icon in your browser for basic details, or use command-line tools like openssl s_client -connect domain.com:443 for full certificate chain information.

Key things to check: expiration date (certificates expire every 90 days with Let's Encrypt, or annually with paid CAs), domain name match (the certificate must cover the exact domain or use wildcards), and the certificate chain (all intermediate certificates must be properly installed).

Common SSL Certificate Errors

The most frequent SSL error is ERR_CERT_DATE_INVALID (expired certificate). This happens when auto-renewal fails silently, often due to DNS changes, firewall rules blocking the ACME challenge, or credential rotation breaking the renewal script. Other common errors include domain mismatches (wrong certificate installed) and incomplete certificate chains (missing intermediate certificates).

SSL Certificate Types Explained

Domain Validation (DV) certificates are the simplest, verifying only domain ownership. Let's Encrypt provides these for free. Organization Validation (OV) certificates add business identity verification. Extended Validation (EV) certificates require thorough business vetting and are used by financial institutions.

Preventing SSL-Related Outages

Expired SSL certificates cause immediate and total outages. Browsers show a full-page security warning that blocks most users from accessing your site. To prevent this: enable auto-renewal, monitor certificate expiry dates with at least 30 days of advance warning, and test renewal processes regularly. Certificate monitoring should be part of your uptime monitoring strategy, not an afterthought.

Related Tools

HTTP Status Codes

Reference for all HTTP status codes

Uptime SLA Calculator

Calculate downtime for any SLA percentage

Downtime Cost Calculator

Calculate the financial impact of downtime

Monitoring SSL expiry?

Warden checks your SSL certificates and alerts before they expire — no more surprise outages.

Join the waitlist →