SSL Certificate Expiration
Days remaining before a server's TLS certificate (and its full chain) expires.
Monitor this automatically
NetTests can run this check on a schedule, preserve historical results, compare changes over time, and alert you the moment something breaks.
Start monitoring free → See all monitoring productsFrequently Asked Questions
What does this check?
It connects to the host over TLS and reports how many days remain before the server's certificate — and every certificate in the chain it presents — expires. An expired certificate breaks HTTPS entirely: browsers block the site outright.
Why does the chain matter, not just my own certificate?
A TLS handshake presents your leaf certificate plus any intermediate CA certificates the server is configured to send. If an intermediate expires — even though your own certificate is still valid — some clients will refuse the connection. This tool reports the worst-case (soonest-expiring) certificate across the whole chain, not just the leaf.
How is this different from TLS Handshake Inspector?
TLS Handshake Inspector is the full diagnostic view — negotiated version, cipher, ALPN, fingerprints, hostname verification. This tool is the same underlying chain data, narrowed to just the expiration question, so it's quick to scan and simple to set thresholds on in a monitor.
Network Tools
-
HTTP Request
Send HTTP requests with custom method, headers, body, and authentication — inspect the full response.
-
HTTP Request Timing
Load a URL in headless Chromium and stream every fetched resource with size and timing.
-
Uptime Check
The simplest possible check: fetch the page, confirm it returns 2xx.
-
CORS Tester
Test any URL for CORS (Cross-Origin Resource Sharing) with a custom method, headers, and body — see exactly why a browser would allow or block the request.
-
Dead Link Checker
Crawl a website and find broken internal links — renders JS pages with a headless browser.
-
IP Blacklist Check
Check an IPv4 address against 49 major DNS blacklists (Spamhaus, SORBS, Barracuda, SpamCop, etc.).
-
Network Path Monitor
Continuous traceroute with per-hop loss and RTT statistics.
-
Traceroute
Trace the path packets take to a destination host, hop by hop.
-
Ping Scanner
Ping many hosts in parallel and report which are alive.
-
Ping Host
Send ICMP echo requests and report RTT and packet loss.
-
IP Geolocation
Resolve a domain or IP to its city, country, ASN/org, and coordinates — with a map.
-
IPv4 ↔ IPv6
Convert IPv4 to/from IPv4-mapped IPv6 (::ffff:a.b.c.d).
-
MAC OUI Lookup
Look up a MAC address's first 3 octets in the IEEE OUI vendor database (curated subset).
Email / SMTP Diagnostics
-
Email Health
One-click domain scorecard — Blacklist, Mail Server, Web Server, and DNS checks graded Errors / Warnings / Passed, MXToolbox-style.
-
Email Records Check
Consolidated MX, SPF, DMARC, and DKIM-selector lookup for an email domain.
-
SPF Record Checker
Look up and validate a domain's SPF (Sender Policy Framework) TXT record.
-
Email Blacklist Check
Resolve a domain's MX hosts to IPs and check each against 49 IP blacklists plus the domain itself against 9 domain blacklists.
-
SMTP Banner Probe
Connect to an SMTP server, capture its banner + EHLO capabilities, and test STARTTLS.
Packet Generation & Testing
-
TCP/UDP Connection Tester
Check TCP port reachability; optionally send a payload and read the reply.
-
TLS Handshake Inspector
Inspect a server's TLS handshake: version, cipher, ALPN, full cert chain.
-
HTTP Availability Check
Probe a list of hostnames (max 16) for HTTP and HTTPS availability.
-
HTTP Latency
Send N HTTP HEAD requests to a URL and report min/median/mean/max/stddev latency. From this server's vantage.
-
Path MTU Probe
Discover the path MTU to a host by sending increasingly large DF-bit pings (binary search).
IP & Subnet Utilities
Routing & BGP
TLS / SSL Auditing
-
TLS Quick Scan
Probe which TLS protocol versions a server accepts and show the cipher each negotiates.
-
TLS Deep Scan
Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.
-
SSL Certificate Expiration
Days remaining before a server's TLS certificate (and its full chain) expires.
-
Domain Certificate Audit
Search Certificate Transparency logs for every SSL certificate ever issued to a domain — reveals subdomains, issuers, and historical issuance.
NTP / Time Sync
HTTP/2 & WebSocket
-
HTTP/2 Probe
Negotiate HTTP/2 via ALPN and decode the server's SETTINGS frame (window size, max streams, etc.).
-
WebSocket Probe
Send a WebSocket Upgrade handshake and verify the Sec-WebSocket-Accept response, subprotocols, and extensions.
-
HTTP/2 Stress Testerlogin
Benchmark HTTP/2 server performance — measure requests per second, latency distribution, and concurrent stream throughput under sustained load.
Encoding & Conversion
-
Hex ↔ Text
Convert UTF-8 text to a hex string, or parse a hex string back to text (separators :/.- ignored).
-
Binary ↔ Text
Convert UTF-8 text to 8-bit binary, or parse a binary string back to text.
-
Case Converter
Convert text between common casings: UPPER, lower, Title, snake_case, kebab-case, camelCase.
-
Number Base
Convert a number between decimal, binary, octal, and hexadecimal representations.
-
Unix Timestamp
Convert between Unix epoch seconds and ISO/RFC datetime formats (UTC).
-
IPv4 ↔ Decimal
Convert between dotted IPv4 notation, 32-bit decimal, hex, and dotted binary.
-
JWT Decoder
Decode a JWT into its header and payload (no signature verification — that needs the signing key).