How is the SSL grade calculated?

A+ = more than 90 days remaining and trusted certificate. A = 31-90 days. B = 15-30 days. C = 8-14 days. D = 1-7 days. F = expired or untrusted (self-signed, unknown issuer). A low grade means the certificate needs urgent renewal.

SAN (Subject Alternative Name) is the certificate extension that lists all domains and subdomains it covers. A wildcard certificate (*.example.com) covers all subdomains. Modern certificates always include SANs — without them browsers reject them.

Free tool

SSL Certificate Checker

Name: Free SSL Certificate Checker
Author: Miguel Ángel Colorado Marin

Verify the SSL/TLS certificate of any domain: issuer, validity dates, days remaining, SANs, protocol and grade A+→F. No sign-up.

Built by

Miguel Ángel Colorado Marin (MACM)

Built by

Miguel Ángel Colorado Marin (MACM)

Full-Stack Developer · Guadalajara, España

I develop web apps, digital tools and full projects — from design to deployment.

GitHub LinkedIn miguelacm.es

Contact me

How to use the SSL checker?

1
Enter the domain
Type the domain whose SSL you want to verify (e.g. example.com). Without https:// or paths.
2
Click Analyze
The tool establishes a real TLS connection to the server and reads the certificate directly.
3
Review the grade
In Infrastructure you'll see the grade A+→F based on days remaining. A+ = >90 days, A = 31-90, B = 15-30, C = 8-14, D = 1-7, F = expired.
4
Check the details
Verify issuer, SANs (covered domains), TLS protocol and exact validity dates.

SSL grades and their meaning

A+

> 90 days

Certificate in perfect condition. Renewal not urgent.

31 – 90 days

Valid certificate. Plan renewal soon.

15 – 30 days

Renewal recommended in the coming days.

8 – 14 days

Urgent renewal — less than two weeks.

1 – 7 days

Critical renewal — expires this week.

Expired / Untrusted

Certificate has expired or is self-signed. Browsers show an error.

Frequently asked questions

What is an SSL/TLS certificate?

An SSL/TLS certificate authenticates a website's identity and encrypts communication. Without it the browser shows 'Not secure' and Google penalizes rankings. The correct term is TLS, though SSL is still most commonly used by tradition.

How is the grade calculated?

A+ = >90 days and trusted certificate. A = 31-90 days. B = 15-30. C = 8-14. D = 1-7. F = expired or untrusted. A low grade means urgent renewal.

What are SANs?

SAN (Subject Alternative Name) lists all domains covered by the certificate. A wildcard (*.example.com) covers all subdomains. Modern certificates always include SANs.

What is the difference between TLSv1.2 and TLSv1.3?

TLS 1.3 is more modern and secure: removes weak algorithms, reduces latency and is more resistant to attacks. TLS 1.0 and 1.1 are obsolete and rejected by modern browsers.

Why does Let's Encrypt appear as issuer?

Let's Encrypt is a free CA from the Internet Security Research Group. It issues free 90-day DV certificates with automatic renewal via ACME. It's the world's most used CA.

Is it legal to check any domain's SSL?

Yes. Verifying an SSL certificate is exactly what your browser does every time you visit an HTTPS site — it establishes a TLS connection and validates the certificate. Tools like Qualys SSL Labs, Digicert SSL Checker or any browser do the same thing. We don't access any private content or perform any action beyond reading the public certificate.

Embed this tool

Integrate the SSL Checker in your blog or website:

<iframe src="https://miguelacm.es/embed/ssl-checker" width="100%" height="700" style="border:none;border-radius:12px;" loading="lazy"></iframe>

Source code available on GitHub.

View on GitHub

Related tools

Web Analyzer

Full technical audit: DNS, SSL, SEO, email and stack.

HTTP Headers Checker

HTTP headers + security analysis HSTS/CSP.

Redirect Checker

URL redirect chain with status code and time.

DNS Lookup

DNS records: A, AAAA, MX, TXT, NS, CNAME, SOA.