Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
Security ChecksCertificate Expiry
TLSHigh PriorityFree

Free SSL Certificate Expiry Checker — Check Certificate Validity Online

Updated June 2026·SecScanner Team

SSL/TLS certificates have expiration dates and must be renewed before they expire. An expired certificate triggers browser security warnings that block visitors and break HTTPS connections across your entire site.

Why It Matters

Expired certificates cause immediate, site-wide outages — browsers refuse to connect and show 'Your connection is not private' warnings that drive users away. Even certificates expiring soon (within 30 days) create risk: automated renewal can fail silently, and discovery of an upcoming expiry often means the window for a clean renewal has already closed. Certificate expiry is one of the most common — and most preventable — causes of security incidents.

How We Check

We connect to your server over HTTPS, retrieve the TLS certificate, and check its notAfter date against today's date. We flag the check as failing if the certificate has already expired or will expire within 30 days, giving you time to renew before visitors are affected.

How to Fix

Set up automatic certificate renewal before manual intervention is required:

Let's Encrypt / Certbot (most common):

# Install Certbot and enable automatic renewal
certbot renew --dry-run          # test renewal works
systemctl enable certbot.timer   # systemd auto-renewal

Check renewal is scheduled:

systemctl list-timers | grep certbot
# or
crontab -l | grep certbot

Caddy — renewal is automatic by default; no configuration needed.

AWS ACM / GCP / Azure — certificates managed by the cloud provider renew automatically as long as the DNS record or load balancer is active.

Manual checklist if auto-renewal is not available:

  1. Set a calendar reminder 45 days before expiry
  2. Renew from your CA (Let's Encrypt, DigiCert, Sectigo, etc.)
  3. Install the new certificate and reload your web server
  4. Verify with this checker that the new expiry date is correct

Frequently Asked Questions

How do I check my SSL certificate expiry date?

Enter your website URL in the certificate expiry checker above and click Scan. SecScanner connects to your server, reads the TLS certificate, and shows the exact expiry date along with days remaining. You can also check via the command line: openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates

What happens when an SSL certificate expires?

When an SSL certificate expires, browsers immediately show a full-screen 'Your connection is not private' (or 'NET::ERR_CERT_DATE_INVALID') warning. Most users will leave rather than bypass the warning. HTTPS connections fail for automated systems, APIs, and mobile apps. Search engines may de-index affected pages. The fix requires renewing and reinstalling the certificate, then reloading the web server.

How often should I check certificate validity?

Check your SSL certificate expiry date at least once a month, and set up automated renewal (Let's Encrypt / Certbot, Caddy, or your cloud provider's ACM). For critical sites, consider monitoring with alerts triggered at 30 days and 7 days before expiry. Our free certificate expiration check lets you verify the current status at any time.

What is the difference between SSL and TLS certificates?

Technically, modern certificates use TLS (Transport Layer Security), not the older SSL (Secure Sockets Layer) protocol. However, the terms are used interchangeably in practice. The certificate itself doesn't specify the protocol — it's your server configuration that determines which TLS versions are supported. When people say 'SSL certificate', they mean the same X.509 certificate used for TLS connections.

Why does my certificate show as expired even though I just renewed it?

If your certificate checker still shows the old expiry date after renewal, the most common causes are: (1) the new certificate wasn't installed correctly or the web server wasn't reloaded after installation, (2) a CDN or load balancer is still serving the old certificate, or (3) a caching layer hasn't updated. Restart/reload your web server and purge any CDN cache, then run the checker again.

Related Security Checks

TLS

Certificate Hostname & Chain

TLS

OCSP Stapling

TLS

HTTPS enabled

Related Tool

SSL Checker

Run all 10 related checks with our free ssl checker

Check Your Website Now

Run a free security scan to check for Certificate Expiry issues and 62+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.