SSL certificate checker
See a site's certificate issuer, validity dates and expiry — from public CT logs.
Sourced from public Certificate Transparency logs. Queries are not stored.
How to check an SSL certificate
- Enter a host. Type a domain like example.com.
- Check the certificate. We look up its most recent certificate in public CT logs.
- Read the details. See the issuer, validity dates, days to expiry and covered domains.
About SSL/TLS certificates
An SSL/TLS certificate is what turns on the padlock and encrypts traffic between a browser and a site. The two things that go wrong most often are expiry — a lapsed certificate throws a scary browser warning — and coverage, where a certificate does not list the exact host being visited. This checker reads the latest certificate from public Certificate Transparency logs, so you can confirm the issuer, see exactly when it expires, and review every domain on the SAN list. To inspect the security headers a site sends, try the HTTP header checker.
Frequently asked questions
- The most recent, currently-valid TLS certificate for the host — its issuer, the validity window, days until expiry, and the domains it covers (SAN list).
- From public Certificate Transparency logs (crt.sh). Every publicly-trusted certificate is logged there, so we can show issuer and validity without needing to open a live connection from your browser.
- Yes. We show the expiry date and the number of days left, so you can renew before it lapses.
- It reports the leaf certificate’s details from CT logs. For a live handshake test of the full chain and protocols, a server-side scanner that connects directly is the better tool.
- No. The host is sent to our server, which queries the public CT logs and returns the result. Nothing is saved.