Validity period
A certificate is valid only for a limited time. If it expires, browsers show a warning and the site immediately loses trust.
TLS · SSL · Certificate
TLS/SSL certificate check
Check a domain’s TLS/SSL certificate, validity period, issuer, certificate names and technical TLS connection details.
This check uses a direct TLS connection. HTTPS websites usually use port
443. Mail services commonly use direct TLS on ports
465, 993 and 995.
Enter a domain and choose the port to check.
Guide · TLS/SSL certificates
What does this TLS/SSL certificate check do?
The TLS/SSL certificate check shows which certificate a website or TLS service presents. It displays details such as the certificate issuer, validity period, remaining days and the domain names covered by the certificate.
A TLS certificate is a core part of HTTPS. It allows the browser to verify that the connection is being made to the correct server and that traffic can be encrypted between the user’s device and the server.
Issuer
The issuer shows which certificate authority signed the certificate. Common issuers include Let's Encrypt, DigiCert and Google Trust Services.
SAN names
Subject Alternative Name entries define which domain names the certificate
is valid for. For example, example.com and www.example.com
can be covered by the same certificate.
HTTPS port
Standard HTTPS uses port 443, but a certificate can also be checked
from another TLS service if it listens on a different port.
Why does certificate checking matter?
An expired certificate, a certificate issued for the wrong name or an otherwise invalid TLS setup can trigger browser warnings and prevent normal use of the service. Certificate status should be checked especially after server migrations, DNS changes and certificate renewals.
A TLS certificate also affects the overall trust of a service. While a certificate alone does not guarantee that a website is safe, working HTTPS is now a baseline requirement for almost every web service.
How to interpret the result
A good result means that the server returns a valid certificate and that the checked domain is included in the certificate names. The remaining days value shows how long the certificate is still valid.
If the certificate is expired, the name does not match or the server does not
return a certificate, the configuration should be fixed immediately. Common causes
include the wrong virtual host, a missing www name, a failed renewal
or a server returning its default certificate for the wrong domain.
Frequently asked questions
What happens when a TLS certificate expires?
Browsers show a warning and the site no longer appears trustworthy. In some cases, the user cannot access the site without manually bypassing the warning.
Why does the certificate work without www but not with www?
The certificate must cover every name used for the site. If
www.example.com is missing from the certificate’s SAN names,
browsers can show a name mismatch error.
Is SSL the same as TLS?
People often still say SSL certificate, but modern HTTPS uses TLS. SSL is an older term that remains common in everyday use.