How do I check if an SSL certificate is valid?

At https://subs.gr/tools/ssl/check enter the domain to see expiry date, issuer, certificate chain, mixed content status and HSTS.

Why am I getting an SSL error even though I have a certificate?

The most common causes: (1) expired certificate, (2) domain not listed in the certificate, (3) incomplete chain (missing intermediate), (4) self-signed certificate.

How often should I check my SSL?

At least once a month, especially if using Let's Encrypt (90 days). Even better: set up automatic monitoring at https://subs.gr/monitors for notification before it expires.

SSL & Security 5 min read

How to Check an SSL Certificate

Guide to SSL certificates — what to check, how to read the chain, common errors and how to avoid expiry.

What Is an SSL Certificate?

An SSL/TLS certificate is a digital file that verifies a domain's identity and encrypts communication between the browser and the server. Without a valid SSL certificate, browsers display a "Not Secure" warning and Google treats it negatively in rankings.

An SSL certificate contains:

The domain name it covers
The Certificate Authority (CA) that issued it
Issue and expiry dates
Public encryption key
Digital signature of the CA

What to Check in an SSL Certificate

1. Expiry Date

The most common cause of SSL problems. Modern certificates last 90 days (Let's Encrypt) or 1 year (commercial). An expired certificate immediately causes a browser error — no one gets through to the site.

⚠️ Warning: If you use Let's Encrypt, automatic renewal (certbot/acme) can fail silently. Check the expiry date every month.

2. Domain Coverage

The certificate must cover exactly the domain you're using:

example.com — covers only the apex domain
*.example.com — wildcard, covers all subdomains (but not the apex)
SAN (Subject Alternative Names) — one certificate for multiple domains

3. Certificate Chain

SSL trust is based on a chain: Root CA → Intermediate CA → Leaf certificate. If the Intermediate CA is missing from the server, some browsers (especially mobile) will show an error even if the certificate is valid.

4. Issuer

Check who issued the certificate. Known CAs: Let's Encrypt, DigiCert, Sectigo, GlobalSign. A self-signed certificate always shows a warning.

5. Mixed Content

If your page uses HTTPS but loads resources (images, scripts) over HTTP, browsers show a warning. These are called "mixed content" and can prevent scripts from executing.

Check any domain's SSL certificate instantly:

→ SSL Certificate Checker

Common SSL Errors and Fixes

ERR_CERT_DATE_INVALID / "Certificate has expired"

The certificate has expired. Renew it immediately. For Let's Encrypt: run certbot renew. For commercial: purchase new or renew through your registrar/hosting.

ERR_CERT_COMMON_NAME_INVALID / "Certificate does not match"

The domain you're visiting is not listed in the certificate. Cause: you have a certificate for example.com but are visiting www.example.com (or vice versa). Fix: use a wildcard or SAN certificate.

ERR_CERT_AUTHORITY_INVALID / "Not trusted"

The certificate chain is incomplete or it's self-signed. Make sure the server sends the intermediate certificate along with the leaf.

Mixed Content Warning

Search your code for hardcoded http:// URLs. For WordPress: use the "Really Simple SSL" plugin. Generally: add HSTS header after fixing all mixed content.

When to Act Urgently

Indicator	Meaning	Urgent?
Expiry in <30 days	Renew now	✅ Yes
Incomplete chain	Some users see error	✅ Yes
Mixed content	Scripts may be blocked	⚠️ Soon
Self-signed	Browsers show warning	✅ Yes
Expiry in >90 days	Monitor only	❌ No

Frequently Asked Questions

How much does an SSL certificate cost?

Let's Encrypt certificates are completely free and automated. Commercial certificates cost from €10 (DV) to hundreds (EV/wildcard). For most sites, Let's Encrypt is sufficient.

What's the difference between DV, OV, EV?

DV (Domain Validation): only the domain is verified — sufficient for most sites. OV (Organization Validation): the organization is also verified. EV (Extended Validation): full verification — used by banks. Technically, all three provide the same encryption.

Does SSL affect Google ranking?

Yes, HTTPS has been a ranking signal since 2014. More importantly: without HTTPS, Chrome displays "Not Secure" in the address bar, which dramatically increases bounce rate.

Can I use one certificate for multiple domains?

Yes, via SAN (Subject Alternative Names) or wildcard. A wildcard *.example.com covers all subdomains but not the apex. For multiple different domains you need a Multi-Domain (SAN) certificate.

Try it now

SSL Checker SSL certificate & chain check

Related guides

How Long Does DNS Propagation Take? How to Read a WHOIS Result

← All guides