Skip to content
JA Technology SolutionsJA Technology Solutions

JA Technology Solutions

SSL Certificate Checker

Check HTTPS reachability and certificate history for any hostname via Certificate Transparency logs.

SSL Certificate Checker

Given a hostname, this tool does two things in parallel: a HEAD request over HTTPS to confirm the currently-deployed certificate is valid and trusted, and a query to the public Certificate Transparency (CT) logs via crt.sh to fetch the history of all certs that have been issued for the hostname. For each historical cert you see the issuer, the SAN list, the validity dates, the serial number, and a status badge (valid / expiring soon / expired). Useful for tracking cert rotation, spotting forgotten certs, watching expiry windows, and investigating possible phishing or impersonation domains.
Learn more ↓

Loading interactive explorer...

Important — What This Tool Does and Does Not Show

This tool does two things: (1) a HEAD request over HTTPS to the hostname to verify the current deployment’s cert is accepted by Cloudflare’s trust store, and (2) a query to crt.sh to fetch the domain’s public Certificate Transparency log history. It does not inspect the live cert’s chain, cipher suites, protocol versions, OCSP status, or the full peer-certificate data — Cloudflare Workers deliberately does not expose peer certificate details from outbound fetch() calls, and its raw connect() TCP socket API does not surface the cert from the TLS handshake either. For full chain analysis and grading, use SSL Labs.

What Certificate Transparency Logs Are

Every publicly-trusted Certificate Authority is required (by Chrome, Safari, and Firefox’s policies) to submit every issued cert to at least two independent Certificate Transparency logs. The logs are append-only, cryptographically verifiable, and public. crt.sh is a free public interface to those logs operated by Sectigo. This tool queries it to show the full history of certs issued for the hostname — useful for catching forgotten certs, tracking rotation, and spotting unauthorized certs that might indicate compromise.

What The Cert Status Badges Mean

Valid — the cert’s not_after date is at least 30 days in the future. Expiring soon — expiry is within 30 days. Expired — the cert’s not_after is already in the past. Since all public certs these days have 90-day lifetimes (and sometimes 30 or even 6 days), you should see regular rotation if your automation is working.

When crt.sh is Slow

For domains with thousands of certs in CT logs (think big SaaS platforms, mega-retailers, or anyone issuing wildcard certs frequently), crt.sh can take 10+ seconds to respond. This tool has a 10-second timeout — if it trips, retry, and the second request will hit crt.sh’s internal cache and complete in under a second.

Need Help With TLS?

I help clients automate cert lifecycle management, monitor expiry across many hostnames, debug chain / trust store issues, and design renewal pipelines that don’t page people at 3am. Get in touch or see integration services.

All tools run entirely in your browser. Your data never leaves your machine. Need help? Ask James.

Contact

Need this automated?

I build custom integrations that convert, validate, and deliver data between systems automatically — on a schedule, in real time, without anyone touching a file.

Get in TouchSchedule a Call