Is your SSL certificate still valid?
Paste your page and we connect the way a browser would, then tell you whether your certificate is valid and trusted - or whether visitors are about to hit a full-page security warning. Free, no signup.
What we check
We open a real HTTPS connection to the page you submit, exactly the way a browser does, and check that the certificate it presents is valid and trusted - not expired, not self-signed, issued for the right hostname, and chained to a trusted authority. If a browser would throw up a 'your connection is not private' warning, we catch it.
This is a connection-time check of the certificate the page serves right now. We see what a visitor's browser sees, and report whether the cert is currently valid - the same moment-in-time view a browser uses when it decides to show the lock or the warning.
Why it matters
An expired certificate doesn't degrade quietly - it slams a full-page browser warning in front of every visitor, and most of them turn around. Worse, it happens on a schedule you forgot about: auto-renew fails silently, a domain moves, a cert covers the apex but not the www. Your site looks fine to you because your browser cached the old cert, and meanwhile new visitors see a wall of red.
There's no error in your logs for this, because the visitor never gets past the warning to reach your server. The first signal is usually a drop in traffic or someone telling you the site 'won't load.' A daily check turns a silent expiry into an alert the day it happens, instead of a week later.
Questions
Do you tell me when my certificate expires?
We tell you whether it's valid right now, the way a browser sees it. If it has already expired or gone invalid, we flag it. Daily monitoring is how you catch the moment it flips, since that's the day visitors start seeing the warning.
What kinds of certificate problems do you catch?
The ones a browser refuses to load past: expired certificates, self-signed or untrusted issuers, and hostname mismatches (a cert issued for one domain serving another). Anything that triggers a browser security warning.
Can you check a cert behind a login or firewall?
No. We check what a logged-out visitor's browser can reach from the outside, which is the same surface your real visitors hit. We can't see certificates on internal hosts that aren't publicly reachable.
Is it really free?
Yes. Paste a URL and run it, no account needed. The same scan also runs all of CopyMosaic's other checks, and you can open the full report to see them.