SSL Certificate Checker
Analyse your SSL certificate and get a security grade from A+ to F. Check expiry date, protocol version, cipher suite and more.
How to Use the SSL Certificate Checker
1. Enter your domain name (e.g. example.com)
2. Click Check — results appear in a few seconds
3. The large letter grade shows your overall SSL security score
4. Certificate details show the issuer, expiry date and covered domains
5. Security checks show exactly what passed and what failed
6. Issues at the top tell you what needs fixing
Frequently Asked Questions
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. When a website has a valid SSL certificate, browsers show a padlock icon and use HTTPS. Modern certificates actually use TLS (Transport Layer Security) but are still commonly called SSL certificates.
What does the SSL grade mean?
The grade reflects the overall security of your SSL configuration. A+ means everything is configured optimally with TLS 1.3, a valid certificate from a trusted CA, correct domain matching and strong key. Lower grades indicate issues that need fixing — such as an expiring certificate, weak protocol version, or domain mismatch.
What is TLS 1.3 and why does it matter?
TLS 1.3 is the latest version of the Transport Layer Security protocol. It is significantly faster and more secure than TLS 1.2, with improved cipher suites and a faster handshake. If your server still supports TLS 1.0 or 1.1, those should be disabled immediately as they have known vulnerabilities.
My certificate expires soon — what should I do?
Renew your SSL certificate before it expires. If you use Let's Encrypt (which Caddy uses automatically), renewal happens automatically every 60-90 days. If you use a commercial certificate, contact your certificate authority to renew. A lapsed certificate causes browser security warnings that drive away visitors.
What are Subject Alternative Names (SANs)?
SANs are additional domain names covered by a single SSL certificate. For example, a certificate for example.com might also cover www.example.com and mail.example.com as SANs. Modern browsers require SANs — they no longer rely on the Common Name (CN) field alone.