How to Check SSL Certificate Expiry (and Avoid Downtime)
An expired SSL certificate is one of the most avoidable causes of website downtime, yet it happens to large companies every year. This guide explains how to check a certificate's expiry date, what the warning signs look like, and how to make sure you are never caught out again.
Updated June 27, 2026
Why expired certificates matter
When a TLS/SSL certificate expires, browsers stop trusting the site and show a full-page security warning instead of your content. Visitors cannot click through easily, search engines may flag the site, and any API or app relying on the domain breaks immediately. The outage is total and instant.
Because certificates are valid for a fixed window (often 90 days for Let's Encrypt, up to about a year for commercial certificates), expiry is predictable. The failure almost always comes down to a missed renewal or a silent failure in an automated renewal process.
How to check an expiry date in seconds
The fastest way is to use an online SSL expiry checker: enter the hostname and it connects to the server, reads the live certificate, and reports the expiry date plus the number of days remaining. This is quicker than digging through browser dialogs and works for any public host.
In a browser you can also click the padlock in the address bar, open the certificate details, and read the 'Valid to' date. On the command line, openssl can print the dates with a single command, which is handy for scripting checks across many hosts.
Set up renewal reminders that actually work
Automation is the goal, but automation can fail silently. The safety net is a recurring expiry check. Pick a cadence, for example the first of every month, and run an expiry check against your important domains.
Renew at least two to four weeks before the expiry date. That buffer gives you time to fix a failed auto-renewal, update a load balancer, or chase a certificate authority without racing the clock.
Tools mentioned in this guide
- SSL Expiry CheckerCheck when a website SSL certificate expires. See days remaining, expiry date, chain validity, and renewal recommendations.
- SSL CheckerInspect TLS certificates for any public hostname — expiry, issuer, chain, cipher, and hostname match.
- HTTP Header CheckerInspect HTTP response headers for any URL. Review security headers, caching directives, CORS, and server metadata.
Frequently asked questions
- How often do SSL certificates expire?
- It varies. Let's Encrypt certificates last 90 days, while many commercial certificates last about a year. The industry is trending toward shorter lifetimes, which makes automated renewal and monitoring more important.
- My certificate auto-renews. Do I still need to check?
- Yes. Auto-renewal can fail due to misconfiguration, DNS issues, or rate limits, often without an obvious error. A periodic expiry check confirms the renewal actually took effect on the live server.