~/tools/ssl-checker

SSL Certificate Checker

Verify your SSL certificate is valid, trusted, and not about to expire — an expired cert throws a full-screen browser warning that kills every visitor and tanks your rankings.

§ what this tool checks

Rules applied to every scan.

An expired or untrusted SSL certificate replaces your site with a full-screen "Your connection is not private" warning — and search engines drop sites they can't securely reach. Certificates renew silently until the day they don't. This tool connects to your domain over TLS, reads the live certificate, and tells you who issued it, when it expires, and whether the chain is trusted.

HTTPS is served and HTTP redirects to it

Certificate expiry date and days remaining

Issuer (certificate authority) and subject

Certificate chain is trusted (not self-signed)

TLS protocol version negotiated

Subject Alternative Names (covered domains)

§ faq

Questions, answered.

What happens when an SSL certificate expires?

When a certificate expires, browsers show a full-screen "Your connection is not private" (NET::ERR_CERT_DATE_INVALID) warning that most visitors will not click past. Forms stop submitting, APIs fail, and search engines that re-crawl your site over HTTPS can drop it from the index. Certificate expiry is one of the most common and most preventable causes of sudden, total outages.

How many days before expiry should I renew?

Renew at least 30 days before expiry. Most certificate authorities and tools like Let's Encrypt auto-renew at the 30-day mark, but auto-renewal can silently fail (DNS changes, rate limits, expired payment methods). Treat anything under 14 days as urgent and anything already expired as a live outage.

What does "certificate not trusted" mean?

A certificate is trusted when it chains up to a certificate authority that browsers ship in their root store. "Not trusted" usually means the certificate is self-signed, the intermediate certificate is missing from your server configuration, or it was issued by an authority browsers do not recognize. Even a valid, unexpired self-signed certificate triggers a browser warning.

Does HTTPS actually affect SEO?

Yes. Google has used HTTPS as a lightweight ranking signal since 2014, and Chrome marks plain HTTP pages as "Not Secure." More importantly, a broken or expired certificate makes your pages unreachable to crawlers over HTTPS, which causes ranking and indexing losses far larger than the modest HTTPS boost itself.

§ run the full audit

Stop guessing. Scan everything in one click.

60 automated checks across meta tags, robots.txt, Open Graph, sitemaps, headings, AI visibility, and more — free, no signup.

run a full scan →

§ other tools

Check another thing.

Single-purpose inspectors for when you need to verify one thing.

01Meta Tag CheckerCheck your page title, meta description, viewport, charset, and robots tags.02Robots.txt ValidatorValidate your robots.txt file for syntax errors and blocking rules.03AI Crawler CheckerTest if ChatGPT, Claude, and Perplexity can actually read your page — not just whether your robots.txt says they can.04Open Graph Tag PreviewCheck your Open Graph and Twitter Card tags for social media sharing.05Sitemap ValidatorValidate your sitemap.xml file format and URL count.06Heading Structure CheckerAnalyze your H1-H6 heading hierarchy for SEO best practices.07Redirect CheckerTrace the full redirect chain for any URL — every 301, 302, and hop.08Structured Data ValidatorValidate your JSON-LD schema markup for missing fields and errors.09Broken Link CheckerScan a page for internal links that return 404s and server errors.10Core Web Vitals CheckerCheck the lab signals behind LCP, CLS, and a fast first byte.11Security Headers CheckerScan your HTTP response headers for CSP, HSTS, and other protections.12Canonical Tag CheckerCheck your canonical tag and confirm it points where it should.