SSL certificate
checker.
Check any domain's TLS certificate: issuer, validity, days until expiry, covered hostnames, and trust status. Free, no login.
No account required to use this tool.
More free domain tools
See a domain's registrar, registration and expiry dates, status, and nameservers, live from RDAP.
OpenCheck A, AAAA, CNAME, MX, TXT, NS, SOA, and CAA records for any domain in real time.
OpenVerify MX, SPF, DKIM, and DMARC records and get an email setup score for any domain.
OpenFrequently asked questions
What does the SSL checker tell me?
It connects to the domain over HTTPS and reads the live TLS certificate: who it was issued to and by, the validity window, how many days until it expires, the hostnames it covers (SAN), the negotiated protocol, and whether the certificate chain is trusted.
Why does certificate expiry matter?
An expired certificate makes browsers show a full-page security warning, which blocks visitors and breaks API calls. Certificates are short-lived now (often 90 days), so missing a renewal is a common, avoidable outage. Check the days-remaining number and renew well ahead.
What does 'not trusted' mean?
The certificate was presented but failed validation: it may be self-signed, expired, issued for a different hostname, or missing intermediate certificates. The tool still shows the certificate details along with the specific reason.
Does this check the whole chain?
It reports whether the chain validates and the negotiated TLS protocol. For exhaustive chain and cipher analysis, a dedicated lab tool goes deeper, but for 'is my cert valid and when does it expire' this is the fast answer.
How does this relate to my domains?
Certificates expire on a schedule, just like domains. Lemon Domains tracks your domain renewals so the name never lapses; pair it with calendar reminders for certificate renewals on the domains that matter.
Stop letting domains slip through the cracks.
Five minutes to import. A lifetime of not refreshing five registrar tabs.