An SSL certificate encrypts the connection between your website and your visitors. But simply having one isn't enough — you need to make sure it's properly configured. Here are the five things every site owner should check.
1. Certificate Expiration Date
SSL certificates expire. When they do, browsers show scary "Your connection is not private" warnings that will drive visitors away instantly. Most certificates last 90 days (Let's Encrypt) or 1 year (commercial CAs).
Use our SSL Expiry Checker to see exactly when your certificate expires and set up monitoring so you're never caught off guard.
2. Certificate Chain
Your SSL certificate is part of a chain of trust — your certificate is signed by an intermediate CA, which is signed by a root CA. If the chain is broken or incomplete, some browsers and devices will reject the connection.
Our SSL Checker validates the complete certificate chain and flags any issues.
3. Domain Coverage
Make sure your certificate covers all the domains you use:
example.comandwww.example.com— both need to be covered- Subdomains like
app.example.comorapi.example.com - Wildcard certificates (
*.example.com) cover subdomains but not the apex domain
4. Protocol and Cipher Support
Your server should support TLS 1.2 and TLS 1.3, and disable older, insecure protocols (TLS 1.0, 1.1, SSL 3.0). Modern cipher suites like AES-256-GCM should be preferred over weaker ones.
5. Security Headers
SSL alone isn't enough. You should also configure security headers like HSTS (HTTP Strict Transport Security) to tell browsers to always use HTTPS. Check your headers with our Security Headers Checker.
Pro tip: Run all three checks — SSL, expiry, and security headers — whenever you deploy a new certificate or change your server configuration.