How does this compare to SSL Labs?

SSL Labs runs deeper tests and takes 2-3 minutes. Ours is a quick smoke test. For a full audit before a launch, use SSL Labs.

My cert is from Cloudflare / Vercel. Is it OK?

Yes. Both issue automatically renewing, modern certs. If ours flags an issue on a managed cert, it is usually a DNS or domain config problem, not a cert problem.

Free tool

Free SSL / TLS Checker

Certificate validity, TLS version, and cipher strength — in 10 seconds.

Free. No account. Results in under 60 seconds.

What it checks

Every check, explained

01Certificate validity — is it expired or expiring soon?
02Certificate chain — is it complete and trusted?
03TLS version — TLS 1.2+ only, not 1.0/1.1?
04Cipher suites — modern AEAD ciphers, no RC4/3DES?
05HTTPS redirect — does HTTP redirect to HTTPS?

Why it matters

Why you should care

An expired or weak SSL setup is the most visible security failure your users can see — browsers show full-screen warnings. Managed platforms (Vercel, Cloudflare) mostly handle this automatically, but self-hosted deployments and custom origins need monitoring.

How it works

What happens when you paste a URL

We make one TLS handshake with your server, inspect the certificate, negotiate supported TLS versions, and record the cipher suite. Takes about 5 seconds. We never access content behind the TLS layer.

FAQ

Frequently asked questions

How does this compare to SSL Labs?: SSL Labs runs deeper tests and takes 2-3 minutes. Ours is a quick smoke test. For a full audit before a launch, use SSL Labs.
My cert is from Cloudflare / Vercel. Is it OK?: Yes. Both issue automatically renewing, modern certs. If ours flags an issue on a managed cert, it is usually a DNS or domain config problem, not a cert problem.

Fix guides

If this check fails, here is what to do

Expired SSL certificate

An expired certificate breaks your site — browsers show a big red warning. Here is how to renew and set up auto-renewal.

Weak SSL cipher

TLS 1.0, TLS 1.1, or weak ciphers like RC4 or 3DES are vulnerable. Here is how to force modern TLS on Vercel, Cloudflare, and self-hosted servers.

Mixed content warnings

Loading HTTP resources from an HTTPS page breaks the security guarantee. Browsers block most of it automatically now — here is how to fix the rest.

Missing HSTS header

HSTS tells browsers to always use HTTPS for your site. Without it, users can be downgraded to HTTP and have sessions stolen. Here is how to add HSTS on Vercel, Next.js, and other hosts.

More free tools

Related checkers

Security headers checker

Check CSP, HSTS, X-Frame-Options, and more in seconds.

Exposed files checker

Find .env, .git, and other sensitive files before attackers do.

Glossary

Learn the concepts

SSL / TLS

The encryption protocols that power HTTPS. TLS 1.2 and 1.3 are current; older versions are deprecated.

HTTP Strict Transport Security

HSTS is an HTTP response header that tells browsers to only connect to your site over HTTPS, even if a user types `http://`. It stops SSL stripping attacks.