SSL Certificate Expiration

Days remaining before a server's TLS certificate (and its full chain) expires.

Monitor this automatically

NetTests can run this check on a schedule, preserve historical results, compare changes over time, and alert you the moment something breaks.

Start monitoring free → See all monitoring products

Frequently Asked Questions

What does this check?

It connects to the host over TLS and reports how many days remain before the server's certificate — and every certificate in the chain it presents — expires. An expired certificate breaks HTTPS entirely: browsers block the site outright.

Why does the chain matter, not just my own certificate?

A TLS handshake presents your leaf certificate plus any intermediate CA certificates the server is configured to send. If an intermediate expires — even though your own certificate is still valid — some clients will refuse the connection. This tool reports the worst-case (soonest-expiring) certificate across the whole chain, not just the leaf.

How is this different from TLS Handshake Inspector?

TLS Handshake Inspector is the full diagnostic view — negotiated version, cipher, ALPN, fingerprints, hostname verification. This tool is the same underlying chain data, narrowed to just the expiration question, so it's quick to scan and simple to set thresholds on in a monitor.