SSL Certificate Checker

Check the SSL/TLS certificate of any domain

Enter a domain to check its SSL certificate
Checking SSL certificate...

SSL/TLS certificates are the foundation of encrypted communication on the internet. For email professionals, certificates matter beyond just websites -- they secure SMTP connections via STARTTLS, protect webmail interfaces, and authenticate API endpoints used by email service providers. Our free SSL certificate checker validates any domain's certificate and reports its configuration in detail.

What This Tool Checks

Certificate Validity

The tool connects to your server over TLS and retrieves the presented certificate. It verifies:

  • Expiration date -- certificates have a defined validity period, typically 90 days (Let's Encrypt) to 1 year. An expired certificate causes browsers to display warnings and SMTP clients to reject or downgrade connections.
  • Not-before date -- the certificate is not valid if the current date precedes its start date.
  • Common Name (CN) and Subject Alternative Names (SANs) -- the domain(s) the certificate covers must match the domain you are connecting to.

Certificate Chain

TLS requires a chain of trust from the server's leaf certificate up to a trusted root Certificate Authority (CA). The tool validates:

  • Intermediate certificates -- the server must present any intermediates needed to complete the chain. Missing intermediates are one of the most common TLS misconfiguration errors.
  • Root CA trust -- the chain must terminate at a CA trusted by major browser and OS trust stores.
  • Chain order -- certificates must be presented in the correct order (leaf first, then intermediates).

Protocol and Cipher Support

The tool tests which TLS protocol versions and cipher suites the server supports:

  • TLS 1.3 -- the current standard (RFC 8446), offering improved security and performance.
  • TLS 1.2 -- still widely supported and considered secure when configured with strong ciphers.
  • TLS 1.0/1.1 -- deprecated by RFC 8996. Servers still offering these versions are vulnerable and non-compliant with modern security standards.

Why SSL Matters for Email

SMTP Encryption

When your mail server sends messages, the receiving server often supports STARTTLS to upgrade the connection from plaintext to encrypted. If your server's certificate is expired or misconfigured, receiving servers may reject the TLS upgrade and either deliver in plaintext or refuse the connection entirely.

Gmail, Outlook, and Yahoo all prefer TLS-encrypted connections. Gmail's Transparency Report publicly tracks the percentage of email delivered over TLS, and domains sending unencrypted mail may see a warning icon displayed to recipients.

MTA-STS (RFC 8461)

MTA Strict Transport Security allows domain owners to declare that their mail servers support TLS and that sending servers should refuse to deliver mail over unencrypted connections. MTA-STS depends on a valid certificate -- if your certificate expires, MTA-STS-enforcing senders will stop delivering mail to you entirely.

Webmail and API Security

If you run a webmail interface or expose email management APIs, a valid certificate is non-negotiable. Browsers will block access to sites with invalid certificates, and API clients will refuse connections by default.

Complementary Tools

After verifying your SSL certificate, check your domain's overall DNS configuration with our DNS Lookup to ensure your TLSA records (for DANE) and MTA-STS policy are correctly published.

How to Use This Tool

Enter any domain name or hostname. The tool connects over HTTPS (port 443) by default, but you can specify a custom port for SMTP (465), IMAP (993), or other services. Results are displayed immediately. All checks are free.

FAQ

What is an SSL certificate?

An SSL certificate is a digital credential that authenticates a website's identity and enables encrypted communication between a browser and the server using the TLS protocol. It contains the domain name, the issuing Certificate Authority (CA), the certificate's validity period, and the public key used to initiate encryption. Without a valid certificate, browsers display security warnings and sensitive data transmitted between visitors and the server is vulnerable to interception.

How do I check if a website has a valid SSL certificate?

The easiest way is to use our SSL Checker tool -- enter any domain and it will instantly verify the certificate's expiration date, chain of trust, issuer, and supported TLS versions. You can also click the padlock icon in your browser's address bar to view basic certificate details, but a dedicated checker provides a far more complete picture including intermediate chain validation and protocol support.

What happens when an SSL certificate expires?

When a certificate expires, browsers display a full-page warning that blocks visitors from accessing your site, and most users will leave immediately. For email servers, an expired certificate can cause STARTTLS negotiation to fail, forcing mail delivery over unencrypted connections or causing outright rejection by strict senders. If you use MTA-STS, an expired certificate will stop compliant senders from delivering mail to your domain entirely.

What is the difference between DV, OV, and EV certificates?

Domain Validation (DV) certificates only verify that you control the domain and can be issued in minutes -- they are the most common type and are what Let's Encrypt provides for free. Organization Validation (OV) certificates additionally verify the legal identity of the organization, while Extended Validation (EV) certificates require the most rigorous vetting process including legal and physical verification. All three provide the same level of encryption; the difference is purely in the degree of identity assurance conveyed to visitors.

How do I fix SSL certificate errors?

The most common errors are an expired certificate, missing intermediate certificates, and a domain name mismatch. Start by running your domain through our SSL Checker tool to identify the specific issue. Renew expired certificates through your CA or hosting provider, ensure your server sends the full certificate chain (not just the leaf certificate), and verify the certificate's Subject Alternative Names include the exact domain or subdomain you are serving.

Does SSL affect SEO?

Yes. Google has used HTTPS as a ranking signal since 2014, and pages served over HTTP are at a disadvantage in search results compared to their HTTPS counterparts. Beyond rankings, browsers label HTTP sites as "Not Secure" in the address bar, which increases bounce rates and erodes user trust. Ensuring your site has a valid, properly configured SSL certificate is a baseline requirement for both search visibility and user confidence.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.

Frequently Asked Questions

What is an SSL certificate?

An SSL certificate is a digital credential that authenticates a website's identity and enables encrypted communication between a browser and the server using the TLS protocol. It contains the domain name, the issuing Certificate Authority (CA), the certificate's validity period, and the public key used to initiate encryption. Without a valid certificate, browsers display security warnings and sensitive data transmitted between visitors and the server is vulnerable to interception.

How do I check if a website has a valid SSL certificate?

The easiest way is to use our SSL Checker tool -- enter any domain and it will instantly verify the certificate's expiration date, chain of trust, issuer, and supported TLS versions. You can also click the padlock icon in your browser's address bar to view basic certificate details, but a dedicated checker provides a far more complete picture including intermediate chain validation and protocol support.

What happens when an SSL certificate expires?

When a certificate expires, browsers display a full-page warning that blocks visitors from accessing your site, and most users will leave immediately. For email servers, an expired certificate can cause STARTTLS negotiation to fail, forcing mail delivery over unencrypted connections or causing outright rejection by strict senders. If you use MTA-STS, an expired certificate will stop compliant senders from delivering mail to your domain entirely.

What is the difference between DV, OV, and EV certificates?

Domain Validation (DV) certificates only verify that you control the domain and can be issued in minutes -- they are the most common type and are what Let's Encrypt provides for free. Organization Validation (OV) certificates additionally verify the legal identity of the organization, while Extended Validation (EV) certificates require the most rigorous vetting process including legal and physical verification. All three provide the same level of encryption; the difference is purely in the degree of identity assurance conveyed to visitors.

How do I fix SSL certificate errors?

The most common errors are an expired certificate, missing intermediate certificates, and a domain name mismatch. Start by running your domain through our SSL Checker tool to identify the specific issue. Renew expired certificates through your CA or hosting provider, ensure your server sends the full certificate chain (not just the leaf certificate), and verify the certificate's Subject Alternative Names include the exact domain or subdomain you are serving.

Does SSL affect SEO?

Yes. Google has used HTTPS as a ranking signal since 2014, and pages served over HTTP are at a disadvantage in search results compared to their HTTPS counterparts. Beyond rankings, browsers label HTTP sites as "Not Secure" in the address bar, which increases bounce rates and erodes user trust. Ensuring your site has a valid, properly configured SSL certificate is a baseline requirement for both search visibility and user confidence.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.