WeLeadLab Get Free Website
April 9, 2026Updated April 10, 20266 min readby Vladimir Kamenev

Free SSL Certificate Checker — Verify HTTPS & HSTS Configuration

What this tool does

Our free SSL certificate checker looks up any domain and tells you — in about five seconds — whether its certificate is valid, who issued it, when it expires, which TLS version is negotiated, and whether HSTS and HTTPS redirects are configured correctly. No signup, no install, no credit card.

If your host just emailed you "your SSL certificate is expiring" and you want to confirm what's actually live on the internet right now, this is the fastest way to check.

Why SSL still matters in 2026

SSL isn't optional anymore — it's the baseline. Here's what's at stake when your certificate breaks or expires:

  • Chrome marks your site "Not Secure." Any site served over plain HTTP (or with a broken certificate) gets a warning badge in the address bar. Visitors see it before they see your content.
  • Google uses HTTPS as a ranking factor. It's been confirmed since 2014, and the weight has only grown as HTTPS became universal. Sites without valid SSL rank lower.
  • Browsers block forms on insecure pages. Chrome and Firefox actively warn users away from submitting contact forms, logins, or checkout details on non-HTTPS pages.
  • Customer trust collapses instantly. A "Your connection is not private" interstitial is the fastest way to lose a sale. Most users hit the back button and never return.
  • Data encryption is the whole point. Without SSL, passwords, credit card numbers, and form submissions travel in plaintext across every router between your visitor and your server.

    • One expired certificate can take down your lead flow for a full day before anyone notices. An SSL checker run once a month catches it before Google does.

    What our free SSL certificate checker verifies

    When you run a domain through the checker, you get a complete readout of your HTTPS configuration:

  • HTTPS enabled — Does the site actually respond on port 443?
  • Certificate validity — Is the cert currently valid, or has it expired, been revoked, or been issued to the wrong name?
  • Issuer name — Who signed it? Let's Encrypt, DigiCert, Sectigo, Google Trust Services, Cloudflare, etc.
  • Valid from date — When the certificate was issued.
  • Expiration date and days remaining — The hard deadline, plus a countdown so you know if you need to act this week or next quarter.
  • TLS protocol version — Is your server negotiating modern TLS 1.2 or 1.3, or falling back to deprecated TLS 1.0/1.1 that modern browsers reject?
  • HSTS header present — Is Strict-Transport-Security set on your responses?
  • HSTS max-age — How long browsers are told to remember that your domain is HTTPS-only.
  • HTTP → HTTPS redirect — Does a request to http://yoursite.com bounce to https://yoursite.com, or does it serve insecure content?

    • That's everything a security-conscious visitor (and Google's crawler) checks when they first encounter your domain.

    How to use the free SSL checker

    Three steps:

  • Open the WeLead Lab Website Analyzer.
  • Enter your domain — yoursite.com is fine, you don't need https://.
    1. Read the SSL/HTTPS section of the report.
    You'll see a pass/fail for each check above, plus the raw certificate details if you need to paste them into a ticket.

    Common SSL problems and how to fix them

    These are the issues the SSL checker catches most often:

    1. Expired certificate

    The most common failure. Certificates typically live 90 days (Let's Encrypt) or 1 year (commercial CAs). If auto-renewal broke, you'll wake up to a dead site.

    Fix: Log into your host or certificate manager and force a renewal. If you're on Let's Encrypt via Certbot, run certbot renew. Most modern hosts (Cloudflare, Vercel, Netlify, cPanel) handle this automatically — but only if the DNS is still pointed correctly.

    2. Self-signed certificate

    Browsers throw a big red warning because the certificate isn't trusted by any public CA. Fine for local dev, fatal for production.

    Fix: Replace it with a free Let's Encrypt certificate or a commercial one. Never leave self-signed certs facing the public internet.

    3. Mixed content warnings

    Your page loads over HTTPS, but some images, scripts, or iframes still load over HTTP. Browsers either block them or show a broken padlock.

    Fix: Search your codebase and database for http:// URLs pointing at your own assets and change them to https:// or protocol-relative (//). Use Content-Security-Policy: upgrade-insecure-requests as a safety net.

    4. Missing HSTS

    HSTS (HTTP Strict Transport Security) tells browsers to only ever contact your site over HTTPS. Without it, a man-in-the-middle attacker can downgrade a visitor's first request.

    Fix: Add this header to all HTTPS responses: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    5. No HTTP → HTTPS redirect

    Some servers respond on both 80 and 443 but never redirect. Users who type the bare domain land on insecure HTTP.

    Fix: Add a 301 redirect at the web server or CDN level from all HTTP URLs to their HTTPS equivalents. On Cloudflare, toggle "Always Use HTTPS" in SSL/TLS → Edge Certificates.

    6. Wrong certificate for domain

    The certificate is valid but issued for www.yoursite.com only — and visitors hit the bare yoursite.com. Or vice versa. Browser shows "certificate name mismatch."

    Fix: Reissue the certificate to cover both hostnames, or use a SAN/wildcard certificate. Let's Encrypt lets you include multiple names in a single cert for free.

    SSL vs TLS — what's the difference?

    Quick note because the terminology confuses everyone: "SSL" is the common term, but the actual protocol running on your server is TLS. SSL 3.0 was deprecated in 2015. Every modern "SSL certificate" is really a TLS certificate, and every "SSL connection" is really a TLS handshake. The industry kept the old name because "SSL" stuck with buyers and marketers.

    When the free SSL certificate checker tells you your server negotiates "TLS 1.3," that's the good answer. TLS 1.2 is acceptable. Anything older is a liability.

    How to get a free SSL certificate

    You almost certainly don't need to pay for one. Your options, in order of convenience:

  • Let's Encrypt — free, automated, trusted by every browser. The de facto standard since 2016. Certificates last 90 days and renew automatically via Certbot or your host's integration.
  • Cloudflare — free SSL at the edge when you point your domain through Cloudflare's DNS. Zero config.
  • Your existing host — Vercel, Netlify, Squarespace, Shopify, WordPress.com, cPanel/WHM, Plesk, DigitalOcean App Platform, and most others provision Let's Encrypt certificates automatically when you add a domain. You probably already have one without realizing it.
  • Commercial CAs — DigiCert, Sectigo, GoDaddy. Worth paying for only if you need Extended Validation, a specific warranty, or enterprise support. For 99% of sites, free is fine.

    • Whichever route you pick, run the free SSL checker afterward to confirm the certificate actually installed, redirects work, and HSTS is set.

    Check your SSL right now

    Stop guessing whether that "certificate expiring" email is urgent. Run your domain through the WeLead Lab Website Analyzer and get a full HTTPS health report in five seconds. No signup, no limits.

    FAQ

    How often should I check my SSL certificate?

    Once a month is plenty for most sites, plus immediately after any DNS or hosting change. If you're on Let's Encrypt's 90-day cycle and auto-renewal is configured, monthly is your early warning. Enterprise sites with annual certificates should calendar a check 30 days before expiry.

    Does the free SSL checker work for subdomains?

    Yes. Enter shop.yoursite.com or api.yoursite.com just like you'd enter the root domain. Each subdomain has its own certificate (unless you're using a wildcard), so checking each one separately is the correct approach.

    What does "certificate expires in 15 days" mean — is my site down?

    No — your site is still live and the certificate is still valid. But you have a two-week window to renew before visitors start seeing warnings. If you're on Let's Encrypt, renewal should happen automatically around day 60 of the 90-day lifetime, so seeing 15 days remaining means auto-renewal may have broken. Investigate now.

    Can I check a competitor's SSL setup?

    Yes. The SSL checker reads publicly visible data — certificate details are part of every HTTPS handshake and aren't secret. You can check any domain on the public internet and see what CA they use, when their cert expires, and whether they have HSTS.

    VK
    Vladimir Kamenev
    Founder

    25 years in industry

    Want us to build your website free?

    Custom website + 30+ SEO articles/month + AI search optimization. $500/month, no contracts.

    Get Your Free Website →