SSL Certificate Checker API
Check TLS certificate details for any public hostname — issuer, validity, expiry countdown, full chain, cipher, SAN list.
The SSL Certificate Checker API connects to any public HTTPS host, performs a real TLS handshake, and returns structured info about the certificate the server presented. Useful for cert monitoring, expiry dashboards, debugging chain issues, and validating SAN coverage on custom domains.
GET https://api.domainee.dev/v1/tools/ssl-check?host=domainee.dev
Returns TLS certificate details for any public hostname: subject, issuer, validity, alt names, cipher, full chain.
Free. No API key required. CORS-enabled. Rate-limited per IP at 30/min and 500/day.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| host (required) | query | string | Hostname to check. Optionally with `:port` (default 443). Example: domainee.dev |
Example request
curl
```bash
curl -s "https://api.domainee.dev/v1/tools/ssl-check?host=domainee.dev" | jq
```
Example response
response.json
```json
{
  "ok": true,
  "data": {
    "host": "domainee.dev",
    "port": 443,
    "protocol": "TLSv1.3",
    "cipher": {
      "name": "TLS_AES_256_GCM_SHA384",
      "version": "TLSv1.3"
    },
    "authorized": true,
    "expired": false,
    "daysUntilExpiry": 71,
    "subject": {
      "CN": "domainee.dev"
    },
    "issuer": {
      "C": "US",
      "O": "Let's Encrypt",
      "CN": "E7"
    },
    "validFrom": "2026-03-15T08:32:14.000Z",
    "validTo": "2026-06-13T08:32:13.000Z",
    "altNames": [
      "domainee.dev",
      "*.domainee.dev"
    ]
  }
}
```
Other languages
fetch.js
```js
// Query the API and unpack the response envelope.
const res = await fetch("https://api.domainee.dev/v1/tools/ssl-check?host=domainee.dev");
const { ok, data } = await res.json();
```
requests.py
```python
import requests

# Query the API; on success the certificate details are under "data".
r = requests.get(
    "https://api.domainee.dev/v1/tools/ssl-check",
    params={"host": "domainee.dev"},
)
data = r.json()["data"]
```
Rate limits & errors
- 30 requests/minute and 500 requests/day per IP. Exceeding either returns HTTP 429 with a `Retry-After` header.
- All responses are JSON with the envelope `{ "ok": true, "data": {...} }` on success or `{ "ok": false, "error": { "code", "message" } }` on failure. `code` values are stable; safe to switch on programmatically. `message` is human-friendly and may change.
Notes
- No hostname allowlist. You can check any public hostname.
- Private, loopback, link-local, and reserved IPs are blocked to prevent SSRF (`forbidden_host` error).
- Connection timeout: 8 seconds. For non-responsive hosts you'll get `tls_connection_failed` after that window.
- Certificate validation is intentionally lenient — we read invalid certs too, so you can REPORT them as invalid instead of erroring out. Check the `authorized` and `authorizationError` fields to know whether the cert chain validates.
Common use cases
- Cert expiry monitoring. Run this once a day per hostname, alert when `daysUntilExpiry < 14`. Same data Let's Encrypt and ACME internal tooling uses.
- Chain debugging. When customers report mixed-content or intermediate-cert issues, the `chain` field shows exactly what the server presented (or didn't).
- SAN coverage check. Make sure `altNames` includes the apex AND the `www` variant before pushing a DNS cutover.
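The expiry, chain-validity and SAN checks above can be combined into one evaluation of a response envelope. This is an added example, not Domainee's own code: the sample envelopes, the finding labels and the `EXAMPLE_REASON` value are constructed, and wildcard SANs are assumed to match exactly one left-most label, so `*.example.test` does not cover the apex.

```python
EXPIRY_WARN_DAYS = 14  # threshold from the expiry-monitoring use case above

def san_covers(name, alt_names):
    """True if name matches a SAN; a leading '*' stands for exactly one label."""
    name = name.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in alt_names):
        if san == name:
            return True
        head, _, parent = name.partition(".")
        if san.startswith("*.") and head and parent == san[2:]:
            return True
    return False

def evaluate(envelope, required_names):
    """Return finding strings (hypothetical labels); an empty list means healthy."""
    if not envelope.get("ok"):
        # Failure envelope: switch on the stable error code, not the message.
        return ["api_error:" + envelope.get("error", {}).get("code", "unknown")]
    data = envelope["data"]
    findings = []
    if not data.get("authorized"):
        # Lenient validation: the API still returns data for an invalid chain.
        findings.append("chain_invalid:" + str(data.get("authorizationError")))
    days = data.get("daysUntilExpiry")
    if data.get("expired"):
        findings.append("expired")
    elif days is None or days < EXPIRY_WARN_DAYS:
        findings.append(f"expires_in_days:{days}")
    for name in required_names:
        if not san_covers(name, data.get("altNames", [])):
            findings.append("san_missing:" + name)
    return findings

# Constructed sample envelopes; field names follow the example response above.
HEALTHY = {"ok": True, "data": {"authorized": True, "expired": False,
           "daysUntilExpiry": 71, "altNames": ["domainee.dev", "*.domainee.dev"]}}
WEAK = {"ok": True, "data": {"authorized": False,
        "authorizationError": "EXAMPLE_REASON",  # constructed placeholder value
        "expired": False, "daysUntilExpiry": 9, "altNames": ["*.example.test"]}}
BLOCKED = {"ok": False, "error": {"code": "forbidden_host", "message": "constructed"}}

if __name__ == "__main__":
    print(evaluate(HEALTHY, ["domainee.dev", "www.domainee.dev"]))
    print(evaluate(WEAK, ["example.test", "www.example.test"]))
    print(evaluate(BLOCKED, ["example.test"]))
```

In a daily job, pass the parsed JSON body of each API response to `evaluate` along with the hostnames the certificate must cover, and alert on any non-empty result.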
See also
- SSL Certificate Checker visual tool — UI version that hits this same API.
- Domainee Automatic SSL — if you want certs automatically issued and renewed for your customers' custom domains.