Developer Tools
SSL Checker
Certificate validity, issuer, expiry countdown, and covered names for any host.
Updated July 10, 2026
How to use the ssl checker
- 1Enter a hostname — no https:// needed.
- 2Read the verdict and days remaining.
- 3Check the Covers line when chasing a mismatch warning.
- 4Under 30 days with auto-renewal? Verify the automation ran.
Common uses
- Monitoring your own certificates' expiry
- Verifying a renewal actually deployed
- Diagnosing browser certificate warnings
- Checking a site's cert before entering credentials
Frequently asked questions
My certificate expires in 60 days — should I worry?
Probably not — that's the modern normal. Let's Encrypt and most automated issuers use 90-day certificates by design (short lifetimes limit damage from key compromise and force automation), so a healthy auto-renewing site perpetually shows 1–60 days remaining. The actionable signal is a certificate under ~30 days when you know renewal should have already happened — automated systems typically renew at the 30-day mark, so 20-and-falling means the automation is stuck: check the renewal cron/service before it becomes a browser-warning incident.
What does 'hostname mismatch' mean and why does www matter?
The certificate is valid but doesn't cover the exact name you connected to — certificates only protect names explicitly listed in their SAN field. The classic: a cert for example.com that doesn't list www.example.com (or vice versa), so one form of the URL warns while the other works. Wildcards (*.example.com) cover one level of subdomain but not the bare domain unless it's also listed. The 'Covers' line in the result shows the actual list; if your name isn't on it, that's the whole bug.
What are the common trust errors and their causes?
The frequent flyers: 'unable to verify the first certificate' or 'unable to get local issuer' — the server isn't sending the intermediate certificate chain (a server config issue; browsers often paper over it, strict clients don't); 'certificate has expired' — renewal failed, see above; 'self-signed certificate' — fine for internal/dev, wrong for public sites; 'hostname mismatch' — see the SAN answer. Almost all of these are configuration problems on the site's side, fixable in minutes once named — which is what this checker is for.
Does a valid certificate mean a site is safe?
No — and this distinction protects people. A valid certificate proves one thing: your connection to that hostname is encrypted and you're talking to whoever controls that domain. It says nothing about whether they're honest — phishing sites overwhelmingly have valid HTTPS now, because certificates are free and automated. The padlock means 'private conversation,' not 'trustworthy counterparty.' Judging the counterparty is a different toolkit: domain age (the WHOIS lookup), the offer's plausibility, and where the link came from.
About this tool
The SSL checker opens a real TLS connection to any hostname from this service's server and reads the certificate it presents: whether it chains to a trusted authority (with the specific error when it doesn't), issuer, the validity window with a days-remaining countdown, covered names (SANs), and the negotiated protocol version. Built for the questions that actually recur: is my cert about to expire, did the renewal actually deploy, and why is that site throwing a warning — with field notes on the 90-day-certificate era, where a short remaining window is normal and a stalled auto-renewal is the real alarm.
The ssl checker connects to an external service to fetch live data, so some of what you enter is sent over the network to provide the result — see the note in the tool for specifics. We don't require an account, and we don't store your queries. Most tools on UtilityBase run entirely in your browser; this one needs the network to do its job. Browse more developer tools here.
Was this tool helpful?
Related tools
DNS Lookup
Query A, AAAA, CNAME, MX, TXT, and NS records over DNS-over-HTTPS.
Developer Tools
WHOIS Lookup
Domain age, registrar, expiry, and nameservers via RDAP — WHOIS's successor.
Developer Tools
Website Down Checker
Is it down, or is it just you? Checked from our server with status and timing.
Developer Tools
What Is My IP
Your public IP, and exactly what it reveals — location, ISP, timezone.
Developer Tools
Regex Tester
Test regular expressions live with match highlighting, groups, and a cheat sheet.
Developer Tools
Code Playground
A live HTML, CSS & JS editor with instant preview, console, and shareable links.
Developer Tools