SSL Certificate Checker avatar

SSL Certificate Checker

Pricing

Pay per event

Try for free
Go to Apify Store
SSL Certificate Checker

SSL Certificate Checker

Try for free

SSL Certificate Checker connects to domains over TLS and inspects their SSL certificates. It returns structured data about certificate validity, expiry, issuer chain, TLS protocol version, cipher suite, and a security grade from A+ to F.

Pricing

Pay per event

Rating

0.0

(0)

Developer

Stas Persiianenko

Stas Persiianenko

Maintained by Community

Actor stats

0

Bookmarked

3

Total users

2

Monthly active users

2 days ago

Last modified

Categories

Developer tools

Share

Check SSL/TLS certificates for any domain -- expiry dates, issuer, security grade (A+ to F), certificate chain, and protocol details.

What does SSL Certificate Checker do?

SSL Certificate Checker connects to domains over TLS and inspects their SSL certificates. It returns structured data about certificate validity, expiry, issuer chain, TLS protocol version, cipher suite, and a security grade from A+ to F.

Use it to monitor certificate expiry across your domains, audit SSL configuration, verify certificate chains, or build alerts before certificates expire.

Use cases

  • Certificate expiry monitoring -- schedule weekly runs to catch expiring certificates before they cause downtime and browser warnings
  • Security auditing -- verify SSL configuration, TLS version, and cipher suites across your infrastructure
  • Vendor assessment -- check the SSL posture of third-party services and SaaS providers your organization depends on
  • Compliance reporting -- generate certificate reports for PCI-DSS, SOC 2, or internal security policy requirements
  • Migration verification -- confirm that certificate chains are valid after moving to new hosting or CDN providers

Why use SSL Certificate Checker?

  • Security grading -- A+ to F grade based on certificate validity, TLS version, and configuration gives you an instant overview
  • Expiry monitoring -- days until expiry with severity levels (critical < 7 days, warning < 30 days) so you can prioritize action
  • Certificate chain -- full chain from leaf to root CA for debugging trust issues
  • Protocol details -- TLS version and cipher suite reported for each domain
  • Bulk checking -- process hundreds of domains in a single run
  • URL cleaning -- paste full URLs; protocols, paths, and www. are stripped automatically

Input parameters

ParameterTypeRequiredDefaultDescription
domainsarrayYes--List of domain names to check. URLs are automatically cleaned (https://example.com/path becomes example.com). Duplicates are removed.

Example input

{
    "domains": ["apify.com", "google.com", "expired.badssl.com"]
}

Output example

Each domain produces one record with:

FieldDescription
domainThe checked domain
isValidWhether the certificate is trusted and not expired
gradeSecurity grade: A+, A, B, C, D, or F
certificateCertificate details (subject, issuer, expiry, SANs, fingerprints)
chainCertificate chain from leaf to root
protocolTLS protocol version (e.g. TLSv1.3)
cipherCipher suite name
issuesArray of security issues with severity levels
checkTimeMsCheck duration in milliseconds
errorError message if check failed
checkedAtISO timestamp
{
    "domain": "apify.com",
    "isValid": true,
    "grade": "A+",
    "certificate": {
        "subject": "CN=apify.com",
        "issuer": "CN=E6, O=Let's Encrypt, C=US",
        "validFrom": "2026-01-15T00:00:00.000Z",
        "validTo": "2026-04-15T00:00:00.000Z",
        "daysUntilExpiry": 45,
        "subjectAltNames": ["apify.com", "*.apify.com"]
    },
    "chain": [
        { "subject": "CN=E6, O=Let's Encrypt, C=US", "issuer": "CN=ISRG Root X2, O=Internet Security Research Group, C=US" }
    ],
    "protocol": "TLSv1.3",
    "cipher": "TLS_AES_256_GCM_SHA384",
    "issues": [],
    "checkTimeMs": 120,
    "error": null
}

How to check SSL certificates for a domain

  1. Go to SSL Certificate Checker on Apify Store
  2. Enter one or more domain names in the domains field (e.g., apify.com, google.com)
  3. Click Start to run the checker
  4. Wait for results -- each domain is checked in milliseconds
  5. Review the output for certificate validity, expiry dates, security grade, and TLS details
  6. Download results as JSON, CSV, or Excel, or connect via API

How much does it cost to check SSL certificates?

SSL Certificate Checker uses Apify's pay-per-event pricing. You only pay for what you use.

EventCost
Run start$0.035
Per domain checked$0.001

Cost examples:

  • 5 domains: $0.035 + 5 x $0.001 = $0.04
  • 100 domains: $0.035 + 100 x $0.001 = $0.135
  • 1,000 domains: $0.035 + 1,000 x $0.001 = $1.035

Using the Apify API

You can start SSL Certificate Checker programmatically using the Apify API. Replace YOUR_TOKEN with your Apify API token.

Node.js

import { ApifyClient } from 'apify-client';


const client = new ApifyClient({ token: 'YOUR_TOKEN' });
const run = await client.actor('automation-lab/ssl-certificate-checker').call({
    domains: ['apify.com', 'google.com'],
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Python

from apify_client import ApifyClient


client = ApifyClient('YOUR_TOKEN')
run = client.actor('automation-lab/ssl-certificate-checker').call(run_input={
    'domains': ['apify.com', 'google.com'],
})
items = client.dataset(run['defaultDatasetId']).list_items().items
print(items)

cURL

curl "https://api.apify.com/v2/acts/automation-lab~ssl-certificate-checker/run-sync-get-dataset-items?token=YOUR_TOKEN" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"domains": ["apify.com", "google.com"]}'

Use with AI agents via MCP

SSL Certificate Checker is available as a tool for AI assistants via the Model Context Protocol (MCP).

Setup for Claude Code

claude mcp add --transport http apify \
  "https://mcp.apify.com?tools=automation-lab/ssl-certificate-checker"

Setup for Claude Desktop, Cursor, or VS Code

{
    "mcpServers": {
        "apify-ssl-certificate-checker": {
            "url": "https://mcp.apify.com?tools=automation-lab/ssl-certificate-checker"
        }
    }
}

Example prompts

  • "When does the SSL certificate for example.com expire?"
  • "Check SSL certificates for all our domains"
  • "Grade the SSL security of these vendor websites"

Learn more in the Apify MCP documentation.

Integrations

Connect SSL Certificate Checker with other tools using Apify integrations. Set up webhooks to get alerts when certificates are about to expire. Export results to Google Sheets for infrastructure tracking, send Slack notifications when grades drop below a threshold, trigger Make or Zapier workflows for automated certificate management, or push data to n8n for custom monitoring pipelines.

Grading scale

GradeDescription
A+Excellent -- TLS 1.3, valid certificate, strong cipher, long validity
AGood -- valid certificate, modern TLS, minor configuration gaps
BFair -- valid certificate but older TLS version or weaker cipher
CBelow average -- certificate issues or outdated protocol
DPoor -- significant problems such as weak ciphers or short validity
FFailing -- expired, self-signed, untrusted, or unreachable

Tips and best practices

  • Monitor expiry -- schedule weekly runs to catch certificates before they expire and cause downtime.
  • Test with badssl.com -- use expired.badssl.com, self-signed.badssl.com to verify detection works as expected.
  • Grade interpretation -- A+ means TLS 1.3, trusted, long validity. F means expired, untrusted, or connection failed.
  • Filter by daysUntilExpiry to prioritize domains that need immediate attention (under 30 days).
  • Combine with HTTP Headers Security Checker for a complete security audit covering both certificate health and header configuration.

FAQ

What security grades are possible? Grades range from A+ (excellent -- TLS 1.3, valid certificate, strong cipher) down to F (expired, self-signed, or unreachable). The grading considers TLS version, certificate validity, chain completeness, and cipher strength.

Can I check internal or private domains? The actor connects to domains over the public internet. Internal domains that are not publicly reachable cannot be checked.

Does it check for certificate transparency logs? The actor focuses on certificate validity, chain verification, and TLS configuration. Certificate transparency log checking is not currently included.

A domain I know is valid gets a grade of F. Why? An F grade can result from several issues: the certificate is expired, self-signed, issued for a different domain, or the server is unreachable on port 443. Check the issues array in the output for specific details. If the site works in your browser, the server may be blocking connections from cloud IP ranges.

The actor shows TLSv1.2 instead of TLSv1.3. Is that a problem? TLS 1.2 is still considered secure and widely used. However, TLS 1.3 is faster and more secure, which is why it receives a higher grade. If your server supports TLS 1.3 but the actor reports 1.2, the server's configuration may prefer 1.2 for certain clients. Check your server's TLS configuration to ensure 1.3 is enabled and preferred.

Other DNS and security tools

You might also like

SSL Certificate Checker avatar

SSL Certificate Checker

rationalistic_counsel/ssl-certificate-checker

User avatar

J N

2

SC

SSL Certificate Checker

nexgendata/ssl-certificate-checker

Check SSL/TLS certificates for any domain — expiration dates, issuer, protocol versions, and security grade. Monitor certificate health across your infrastructure.

User avatar

Stephan Corbeil

2

SSL Certificate Expiry Monitor avatar

SSL Certificate Expiry Monitor

andok/ssl-certificate-monitor

Monitor SSL/TLS certificate validity and expiration dates across thousands of domains to prevent costly outages.

User avatar

Andok

2

SSL Certificate Monitor API | Expiry + Issuer Changes avatar

SSL Certificate Monitor API | Expiry + Issuer Changes

taroyamada/ssl-certificate-monitor

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

User avatar

太郎 山田

4

SC

SSL Certificate Checker

scrappy_garden/ssl-certificate-checker

Check SSL/TLS certificates for any website: expiration date, issuer, subject, hostname match (SNI), chain/authorization status, and common HTTPS misconfigurations. Useful for SEO audits, security checks, and uptime monitoring.

User avatar

Bikram Adhikari

6

SC

Ssl Checker API

vivid_astronaut/ssl-checker

User avatar

Fabio Suizu

2

Bulk SSL Certificate Expiry DNS Monitor avatar

Bulk SSL Certificate Expiry DNS Monitor

logiover/bulk-ssl-certificate-expiry-dns-monitor

Check SSL certificate validity and expiration (days left, issuer, valid from/to) plus DNS A/MX resolution for thousands of domains. Fast, no browser, export-ready JSON/CSV. Ideal for agencies, SEO audits, DevOps monitoring and compliance.

User avatar

Logiover

5

Website HTTPS & SSL Health Checker avatar

Website HTTPS & SSL Health Checker

pillowy_travel/website-https-ssl-health-checker

Checks HTTPS availability and SSL certificate health for given URLs

User avatar

SAHIL KUMAR

71

5.0

SC

SSL Certificate Transparency Search

ryanclinton/crt-sh-search

Search Certificate Transparency logs via crt.sh for SSL/TLS certificates. Discover subdomains, monitor cert issuance, and detect unauthorized certificates. Returns unique subdomains with first/last seen dates or individual cert records.

User avatar

ryan clinton

2

SC

SSL Cipher Suite & Security Scanner

andok/ssl-cipher-checker

Audit TLS versions and negotiated cipher suites for a list of domains to ensure compliance and robust web security.

User avatar

Andok

2