DNS Checker.eu

SSL Certificate Checker

Inspect the live TLS certificate served by any hostname - issuer, validity dates, days until expiry, the full SAN list, chain and negotiated protocol.

About SSL Certificate Checker

This checker opens a real TLS handshake to the host you enter - on port 443 by default - from our EU servers, and reads the certificate the server actually presents rather than a cached copy. It reports whether the certificate validates as trusted, who issued it, the subject common name, the not-before and not-after dates, and a live countdown of the days remaining before it expires. Because the result comes from an actual connection, it reflects the server's current configuration.

Beyond the headline validity, the tool lists every subject alternative name (SAN) on the certificate - the complete set of hostnames it is valid for - and reconstructs the certificate chain from the leaf up towards the root. It also shows the negotiated TLS protocol version and low-level identifiers such as the serial number and the SHA-256 fingerprint, which are useful for pinning, auditing or matching a certificate against a known reference.

The days-remaining countdown is the quickest way to catch a certificate before it lapses; an expired or not-yet-valid certificate is flagged as invalid, and a short remaining window is highlighted. With public certificate authorities moving to ever-shorter certificate lifetimes, routine expiry checks have become more important, and this tool gives you the exact figure at a glance.

The checker deliberately reads certificates even when they fail validation - self-signed, expired, or with a hostname that does not match - and reports the underlying reason so you can diagnose exactly what is wrong, including a missing intermediate in the chain. For safety it refuses connections to private and internal IP ranges, and it only ever contacts the public hostname you supply.

How to use it

  1. 1Enter the hostname, for example example.eu, without the https:// prefix or any path.
  2. 2Select Check SSL; our EU server completes a TLS handshake with the host on port 443.
  3. 3Read the validity badge and the days-until-expiry countdown at the top of the results.
  4. 4Review the issuer, validity dates, negotiated protocol, the SAN list and the certificate chain below.

Common use cases

  • -Verify that a certificate is valid, trusted and correctly installed after issuing or renewing it.
  • -Track the days-until-expiry countdown to renew before a certificate lapses and breaks HTTPS.
  • -Confirm every hostname you serve is covered by checking the certificate's SAN list.
  • -Diagnose chain problems such as a missing intermediate, or a hostname mismatch behind browser warnings.
  • -Check which TLS protocol version a host negotiates for a security or compliance review.

Frequently asked questions

How do I check a website's SSL certificate?
Enter the hostname into the SSL Certificate Checker and run it. The tool performs a live TLS handshake and reports the issuer, validity dates, days until expiry, SAN list, chain and negotiated protocol.
How can I see when an SSL certificate expires?
The checker shows the certificate's not-after date together with a live countdown of the days remaining. A certificate that has already passed its expiry date is marked invalid.
What is a SAN (subject alternative name)?
The SAN list is the set of hostnames a single certificate is valid for. A certificate is only trusted for a hostname that appears in its SAN list, so checking it confirms full coverage of your domains.
Why does the checker still show details for an invalid certificate?
It intentionally reads the certificate even when validation fails - for a self-signed, expired or mismatched certificate - and reports the reason, so you can see exactly what is wrong instead of just an error.
What is the difference between SSL and TLS?
SSL is the deprecated predecessor of TLS; modern HTTPS uses TLS 1.2 or 1.3, though the phrase 'SSL certificate' persists. The checker reports the actual TLS version negotiated with the server.
Is any personal data involved when I run a check?
No. The check runs from our EU servers, which only connect to the public hostname you enter and read its certificate. No personal data is transmitted, and requests to private IP ranges are refused.