SSL Expiration Checker

SSL/TLS certificates secure HTTPS connections by encrypting data and verifying the server's identity. Each certificate has a validity period—a start and end date. After the expiry date, the certificate is no longer trusted, and browsers will warn users or block the site.

Certificate authorities (CAs) issue certs with different lifetimes. Let's Encrypt uses 90-day certs to encourage automation. Commercial CAs often offer 1-year or 2-year certs. Renewing before expiry is critical to avoid service disruption.

You can check a certificate from the command line using OpenSSL. The tool generates the exact command for your domain: openssl s_client -connect domain:443 -servername domain. Pipe the output to openssl x509 -noout -dates to see notBefore and notAfter. The -servername flag is important for SNI (Server Name Indication) when the server hosts multiple sites.

External services like SSL Labs perform full scans and grade your TLS configuration. Use them for comprehensive audits.

Let's Encrypt certificates last 90 days and are designed for automated renewal (e.g., Certbot). Commercial certificates typically last 1 year; some CAs offer 2 years. EV (Extended Validation) certs are usually 397 days. Shorter lifetimes reduce the window of exposure if a private key is compromised.

The countdown calculator lets you enter your certificate's expiry date and see days remaining. Green: 30+ days. Yellow: 7–30 days. Red: under 7 days—renew immediately.