Free SSL Certificate Checker
View issuer, validity, expiration countdown, and the full certificate chain for any domain. No signup, no installs.
Defaults to port 443. Add :port for other TLS services.
How it works
Enter a hostname
Type any domain (example.com) or hostname with port (example.com:8443).
We open a TLS connection
Our server connects over TLS, reads the peer certificate, and walks the issuer chain.
You get a structured report
Issuer, validity, alt names, signature algorithm, fingerprint, protocol, cipher — instantly.
Everything you need to know about a cert
One request, one screen. Skip the openssl flags and the manual chain decoding.
Expiration countdown
Live days-until-expiry and a clear warning when a cert is within two weeks of expiring.
Validity check
We verify trust against Mozilla's root CA store and surface the exact authorization error if any.
Full chain walk
Every cert in the chain — leaf, intermediates, root — with subject, issuer, and validity.
Subject Alt Names
See every hostname covered by the cert, including wildcards. Useful for multi-tenant setups.
Crypto details
Public key bits, signature algorithm, serial number, SHA-256 fingerprint — all in one view.
Protocol & cipher
Confirm the TLS version (TLSv1.2, TLSv1.3) and the negotiated cipher suite at a glance.
Who uses this
For SaaS engineers
- –Verify a customer's custom-domain cert was issued correctly
- –Sanity-check renewal automation before it surprises you in prod
- –Confirm the right intermediate is being served (chain issues kill mobile clients)
- –Capture fingerprints for pinning or alerting
For DevOps & SREs
- –Audit expiration dates across a fleet of hostnames
- –Diagnose a "certificate not trusted" report from a user
- –Verify TLS version and cipher suites match your security policy
- –Spot-check a freshly deployed load balancer
For security reviewers
- –Inspect cert posture during a vendor security review
- –Check that SAN coverage matches the in-scope hostnames
- –Confirm signature algorithm isn't deprecated (SHA-1, etc.)
- –Document the cert issuer for compliance evidence
Stop checking certs by hand
If you let customers connect their own domains to your SaaS, Domainee issues and renews their certs automatically. One CNAME, one webhook, done.
50 custom domains and 100 GB bandwidth free, forever.
Frequently asked questions
Is this really free?+
Yes. No signup, no API key, no rate limit gimmicks. The tool runs server-side from this page.
Does it work for ports other than 443?+
Yes. Append :PORT to the hostname (e.g. example.com:8443). Anything that speaks TLS works — IMAPS, SMTPS, etc.
Can I check certs on private or internal IPs?+
No. For security reasons we block hostnames that resolve to private, loopback, link-local, or otherwise reserved IP ranges. Use openssl s_client locally for those.
What does 'authorized: false' mean?+
It means Node's default trust store didn't verify the cert. We still parse and show the full report; the reason (expired, self-signed, hostname mismatch, etc.) is in the Authorization error field.
Do you store the results?+
No. The check happens on-demand and the result is returned to your browser. We don't log or persist the certificate data.
How is this different from openssl s_client?+
openssl is great if you live in a terminal. This is the same data in a structured, shareable, browser-friendly view — useful when you want to send the result to a coworker or a customer.
Can I automate this?+
If you're shipping a product where users connect their own domains, you don't want to check certs manually — you want them issued, renewed, and monitored automatically. That's what Domainee does. See the API docs.
More free tools
DNS
Free DNS Record Lookup
Check A, AAAA, CNAME, MX, TXT, NS, and SOA records for any domain instantly.
Domain
Free WHOIS Lookup
View registrar, creation and expiry dates, name servers, and registration data for any domain.
DNS
Free CNAME Lookup & Generator
Validate CNAME records and get provider-specific setup instructions for custom domains.
HTTP
Free HTTP Header Checker
Inspect response headers, security headers, caching, redirects, and get a security grade for any URL.
DNS
Free DNS Propagation Checker
Query DNS servers across multiple global locations to verify your DNS changes are live.
Other
Free Custom Domain Cost Calculator
Compare building in-house vs. using a managed service for custom domains on your SaaS.
HTTP
Free Redirect Checker
Trace the full redirect chain for any URL. See each hop with status codes, response times, and the final destination.
Free SPF Record Checker
Look up and validate SPF records for any domain. Check for syntax errors, DNS lookup limits, and common issues.
Domain
Free Domain Age Checker
Check how old any domain is. See exact registration date, age, last updated, and expiration.
Domain
Free Subdomain Finder
Discover subdomains for any domain using DNS enumeration and certificate transparency logs.
DNS
Free Reverse IP Lookup
Find the hostname associated with any IP address. PTR (reverse DNS) lookups in one click.
Free DMARC Record Checker
Look up and validate DMARC records. Check policy settings, alignment, and reporting configuration.
DNS
Free TXT Record Lookup
Look up and categorize TXT records. Identify SPF, DKIM, DMARC, verification tokens, and more.
HTTP
Free Website Status Checker
Check if any website is up or down. See response time, HTTP status, and SSL certificate status instantly.
Free DKIM Record Checker
Look up and validate DKIM records for any domain and selector. Verify key configuration and common issues.
Domain
Free Domain Availability Checker
Check if a domain name is available across multiple TLDs (.com, .io, .dev, .app, .co, and more).