ranjan@ranjan.info:~$ openssl s_client -connect domain:443

SSL Checker

Verify SSL certificates — expiry, trust chain, hostname match, issuer, and security checks.

Certificate inspection Live TLS handshake

What does an SSL checker verify?

An SSL checker connects to a domain over HTTPS and inspects the certificate it presents: expiry date and days remaining, the issuing authority, the certificate chain's completeness, which hostnames it covers (SANs), and the signature algorithm. Expired or misconfigured certificates don't degrade gracefully — browsers show full-page warnings that stop visitors cold — so checking before expiry is one of the cheapest outage preventions available.

Built and maintained by Ranjan Chatterjee, Infrastructure Consultant · Linux Server Specialist · free to use, no signup, no tracking

ranjan@ranjan.info:~$ faq --tool ssl-checker

Common questions

Why is my site showing a certificate error?

The usual suspects, in order: the certificate expired, it doesn't cover the exact hostname being visited (www vs bare domain), the server isn't sending the intermediate chain, or the clock on either end is wrong. The checker identifies which one in seconds — each has a different five-minute fix.

How often do SSL certificates need renewal?

Let's Encrypt certificates last 90 days and are designed for automated renewal — set up correctly, you never think about them again. Paid certificates typically run one year. Industry rules are pushing maximum lifetimes shorter over time, which makes automation the only sane strategy: renewal by calendar reminder is how expiries happen.

What are SANs on a certificate?

Subject Alternative Names — the list of hostnames one certificate covers. A certificate for example.com doesn't automatically cover www.example.com unless it's listed as a SAN or matched by a wildcard (*.example.com). Half of "SSL works on one URL but not the other" tickets are a missing SAN.

Does HTTPS affect SEO?

Yes — HTTPS is a confirmed (light) Google ranking signal, browsers mark plain HTTP as "Not secure," and modern features like HTTP/2 effectively require it. There's no cost argument anymore: Let's Encrypt is free and every serious host automates it. The SEO damage of an expired certificate's warning page dwarfs the ranking nuance.

What is the certificate chain and why does it break?

Your certificate is signed by an intermediate authority, which is signed by a trusted root — browsers verify the whole chain. Servers must send the intermediates along with the certificate; when a setup forgets them, some clients (especially older ones and mobile apps) fail while desktop browsers appear fine. "Works in Chrome, fails in the app" is the classic incomplete-chain symptom.