What This Tool Checks
This checker uses the SSL Labs API — the same service used by security professionals worldwide — to analyze a domain's SSL/TLS configuration. The analysis typically takes 60-90 seconds for a fresh check, or returns instantly if the result is cached. Results are cached by SSL Labs for up to 24 hours.
Understanding Your SSL Grade
| Grade | Meaning |
|---|---|
| A / A+ | Excellent configuration. Up-to-date protocols, strong ciphers, no known vulnerabilities. |
| B | Good but improvable — often caused by supporting TLS 1.0/1.1 or weaker cipher suites. |
| C | Weak configuration. Usually older protocol support or RC4 ciphers still enabled. |
| F | Failed — expired certificate, revoked cert, or broken chain. |
| T | Certificate not trusted — self-signed or issued by an unknown CA. |
Certificate Expiration
Most modern CAs issue certificates with 90-day validity (Let's Encrypt) or up to 398 days (commercial CAs). Monitor expiration proactively — a lapsed certificate takes your site offline for users without warning. Tools like Uptime Kuma and Grafana can send alerts before expiration. Alternatively, set a calendar reminder 30 days before the expiry date shown here.
Subject Alternative Names (SANs)
Modern certificates use SANs instead of the CN (Common Name) field to specify which domains they're valid for. A wildcard SAN like *.example.com covers all subdomains one level deep. This tool shows all SANs on the certificate and highlights which one matches your queried domain.