Frequently asked questions
What is an SSL certificate?
An SSL certificate (TLS certificate) is a digital file issued by a trusted Certificate Authority (CA) that binds a domain name to a public key. When visitors connect via HTTPS, the browser verifies the certificate to confirm the server’s identity and encrypt traffic, protecting data from eavesdropping and tampering.
Why do SSL certificates expire?
Certificates carry a fixed validity period by design. Expiry limits the window of risk if a private key is compromised, encourages sites to rotate keys and adopt newer algorithms, and lets CAs revoke or replace certificates on a regular schedule. Most public CAs today issue certs valid for 90 days to one year.
What happens when an SSL certificate expires?
Once expired, browsers show security warnings such as “Your connection is not private,” and users may be blocked from accessing the site. Search rankings can drop, and API clients or mobile apps may fail TLS validation and break integrations—affecting availability and user trust.
How do I check when an SSL certificate expires?
On the SSLExpire.Net homepage, enter one domain per line and click Check certificates. Each result card shows the issuer, SAN names, validity dates, and days remaining. You can also click the padlock in your browser’s address bar, or use command-line tools such as openssl s_client.
How does our bulk SSL expiry check work?
The browser sends each domain to our API in parallel. The server opens an HTTPS connection to the target host, reads the certificate presented during the TLS handshake, and parses issuer, SAN, and expiry fields. Results are stored in Cloudflare KV for 30 minutes per domain. Caching speeds up repeat lookups, reduces load on target servers, and keeps the checker responsive during bulk scans.
My certificate is expiring—what should I do?
Renew before the expiry date through your CA or an automation tool. Install the new certificate on your web server or load balancer and reload the service. Set reminders at least 30 days ahead; for short-lived certs (e.g. Let’s Encrypt), configure auto-renewal so renewals happen without manual intervention.