A valid SSL certificate must meet several criteria: it must be issued by a trusted Certificate Authority (CA), it must not have expired, it must be issued for the correct domain (or a wildcard or SAN that covers it), and the certificate chain must be complete and trusted by the browser. This tool checks all of these factors and shows you the expiry date, issuer, and which domains the certificate covers so you can quickly see whether your certificate is correctly configured.
What happens when an SSL certificate expires?
When an SSL certificate expires, browsers display a security warning to visitors and most will block access to the site entirely. HTTPS connections will fail, which breaks the website for all users, prevents form submissions, and can significantly harm your search engine rankings. For email, expired certificates on mail servers cause STARTTLS connections to fail. Set up certificate expiry monitoring and renew at least 30 days before expiry to avoid disruption. Free certificates from Let's Encrypt renew automatically every 90 days if correctly configured.
What is a Subject Alternative Name (SAN)?
A Subject Alternative Name (SAN) is an extension to an SSL certificate that allows it to cover multiple domain names or subdomains within a single certificate. For example, a SAN certificate might cover example.com, www.example.com, and shop.example.com all in one. Modern SSL certificates use SANs rather than the older Common Name (CN) field for domain matching. A wildcard certificate (*.example.com) is a special type that covers all immediate subdomains of a domain.
What is the difference between DV, OV, and EV certificates?
The three certificate types differ by validation level. DV (Domain Validation) certificates verify only that you control the domain; they are issued automatically within minutes and are the most common type, used by Let's Encrypt and most shared hosting providers. OV (Organisation Validation) certificates verify your domain and your organisation's legal identity; they require manual vetting by the CA and are typically used by businesses. EV (Extended Validation) certificates require the strictest identity verification and historically displayed a green address bar in older browsers, though modern browsers have removed this visual distinction. For most websites, a DV certificate provides adequate security.
🌍
It looks like you're browsing from your region
Would you like to switch to a site tailored for your location?