Domain WHOIS & SSL Inspector

Look up the full registration profile and live SSL certificate of any domain — no API key. Pass a list of domains and get one clean row each with registration date, domain age, expiry, registrar, name servers, DNSSEC, and the live TLS certificate (issuer, validity window, and days until expiry).

What you get

• Registrar and its IANA ID
• Created / updated / expiry dates (from RDAP, the modern successor to WHOIS)
• Domain age in days and days until expiry
• Status codes (e.g. client transfer prohibited) and DNSSEC flag
• Name servers
• SSL certificate — subject, issuer organization & CN, valid-from / valid-to, days until certificate expiry, SAN list, whether the chain validated, and the negotiated TLS protocol

Use cases

• Lead enrichment — append domain age and registrar to a prospect list; newly registered domains often mean brand-new companies
• Churn & renewal signals — flag domains or SSL certificates expiring soon
• Security & compliance audits — confirm certificate issuers, expiry, and TLS versions across a portfolio
• Brand & domain monitoring — watch registrar, status, and name-server changes
• Sales prospecting — segment a domain list by registrar, hosting name servers, or domain age

How to use

1. Paste one or more domains (e.g. apify.com) — URLs and www. are handled for you
2. Leave Check SSL Certificate on to read the live TLS cert (turn off for RDAP-only, faster runs)
3. Optionally set Max Items to cap how many domains are inspected (0 = all)
4. Run the actor — results land in the Dataset tab
5. Export to JSON, CSV, Excel, or Google Sheets directly from the Apify console

Example input

{
  "domains": ["apify.com", "google.com", "github.com"],
  "checkSsl": true,
  "maxItems": 0
}

Output format

One dataset record per domain:

{
  "domain": "apify.com",
  "registrar": "Amazon Registrar, Inc.",
  "registrarIanaId": "468",
  "createdDate": "2009-06-02T17:14:10.000Z",
  "updatedDate": "2026-05-16T16:53:04.000Z",
  "expiryDate": "2035-06-02T17:14:10.000Z",
  "domainAgeDays": 6208,
  "expiresInDays": 3288,
  "statuses": ["client transfer prohibited"],
  "nameServers": ["NS-1225.AWSDNS-25.ORG", "NS-449.AWSDNS-56.COM"],
  "dnssec": false,
  "ssl": {
    "subjectCN": "apify.com",
    "issuerOrg": "Amazon",
    "issuerCN": "Amazon RSA 2048 M02",
    "validFrom": "2026-04-01T00:00:00.000Z",
    "validTo": "2027-05-01T23:59:59.000Z",
    "daysUntilExpiry": 334,
    "san": ["apify.com", "*.apify.com"],
    "authorized": true,
    "authError": null,
    "protocol": "TLSv1.3"
  },
  "rdapError": null,
  "sslError": null
}

Notes

• Registration data comes from RDAP, the IETF-standard replacement for WHOIS. Coverage is excellent for gTLDs (.com, .net, .org, .io, …); some country-code TLDs don't publish RDAP, in which case rdapError is set and SSL data is still returned.
• SSL details reflect the certificate the host presents on port 443. authorized is false (with authError) for self-signed or otherwise invalid chains — the certificate is still reported.