What Is an SSL Certificate?
An SSL/TLS certificate is a digital document that binds a public key to a hostname and is signed by a trusted Certificate Authority. Browsers use this certificate to establish an encrypted connection, verify the server’s identity and display the padlock icon. Without a valid, trusted certificate, users see large-scale browser warnings and search engines demote the site in rankings.
How to Read the Results
- Issuer: the Certificate Authority that signed the certificate — e.g., Let’s Encrypt, DigiCert, Sectigo.
- Valid From / Valid To: the certificate’s activation and expiry dates, in the issuer’s timezone.
- Days Remaining: positive means valid; 0–30 means renewal is urgent; negative means already expired.
- SANs: every hostname the certificate covers — matching beyond this list will fail.
- Protocol: the TLS version negotiated with your server. TLS 1.2 is the minimum; 1.3 is preferred.
Why Monitor SSL Expiry?
An expired certificate immediately breaks every visitor’s connection: browsers show full-page warnings, forms stop submitting, APIs fail, and ad/analytics pixels time out. Most production outages from SSL issues are expiry-related, not misconfigurations. A quick daily or weekly check — or an automated monitor — prevents this entirely. If your certificate renews automatically (via ACME/Let’s Encrypt or your CDN), verify the renewal is actually happening; automation silently failing is the most common cause of surprise outages.