DNS Studio tool
SSL expiry checker
See exactly when a certificate expires — as a countdown, with the renewal date and anything else on the certificate that needs attention.
No result yet
Enter a domain to see when its certificate expires.
Why check certificate expiry?
An expired certificate is the most common — and most avoidable — reason a working site
suddenly greets visitors with a full-page security warning. Certificates are issued for a
fixed term: publicly trusted certificates are capped at 398 days, and free certificates from
Let’s Encrypt last 90 days by design. The moment the expiry time passes, browsers stop
trusting the certificate. Nothing about your site has changed, but Chrome shows
NET::ERR_CERT_DATE_INVALID, mail servers refuse to deliver, and API clients
throw errors.
This page answers one question first — how long is left? — and then runs the full certificate check behind it, so a hostname mismatch or an incomplete chain will not hide behind a healthy countdown. If you prefer the verdict-first view, use the SSL checker.
What to do with the answer
- More than 30 days left — nothing to do. Note the date, or better, confirm your renewal is automated so you never have to note a date again.
- Under 30 days left — renew now. If renewal should be automatic (Let’s Encrypt renews from about 30 days out), the countdown dropping below 30 is itself a signal that the automation may have stopped.
- Already expired — renew with your provider and reinstall. The fix takes effect the moment the server presents the new certificate; re-run the check to confirm.
For the longer story — why lifetimes keep getting shorter, how ACME renewal actually works, and how to set it up — read why certificates expire and how to check SSL expiry.