Waiting
Enter a domain and run a lookup to see results.
SSL Certificate Checker - Expiry, Chain & TLS Test
Domain Input
SSL/TLS Certificate & Security Check
Verify any domain's SSL certificate — expiry date, issuer, SAN coverage, chain integrity, and TLS protocol version. The tool grades your SSL configuration from A+ to F based on certificate validity (40%), TLS version (25%), chain trust (15%), and HSTS preload status (20%). Certificate Transparency logs show issuance history.
How It Works
A TLS handshake is performed from Cloudflare's edge to the target host. The full certificate chain, supported protocols, and HSTS header are extracted and analyzed. Each component is scored independently, and the weighted sum determines the final grade. CT log data is fetched from crt.sh for historical issuance records.
FAQ
What does an SSL grade of A+ mean?
Grade A+ requires a valid certificate with full chain trust, TLS 1.3 support, and HSTS with preload and includeSubDomains directives. It represents the highest standard of SSL/TLS configuration currently achievable.
How do I fix an expired SSL certificate?
Renew the certificate through your CA or hosting provider. If you use Let's Encrypt, check that your auto-renewal cron/certbot is running. After renewal, restart your web server to load the new certificate. Use this tool to verify the new expiry date.
Why does my site show "certificate chain incomplete"?
Your server is not sending the intermediate certificate(s) needed to chain back to a trusted root CA. Configure your server to include the full chain — most CAs provide a "fullchain" or "ca-bundle" file for this purpose.
Certificate
—
Chain
—
TLS
—
Issuance History
—
PEM
—
Tool Features
[Ad] SSL Detail Inline
SSL Certificate Management
Easy SSL certificate issuance, renewal, and management.
Coming SoonRelated Guides
Pro Enable expiry alerts (1-min setup) — monitoring feature coming soon.