An SSL/TLS certificate is a digital document that proves a website's identity and enables encrypted HTTPS connections. When you visit a site with a padlock in the address bar, the browser has verified the certificate's validity and established an encrypted channel. SSL is the older name; TLS (Transport Layer Security) is the current protocol, but 'SSL certificate' is still the common term.

First, note the exact expiry date and who issued the certificate (the Certificate Authority). Then renew through your hosting provider or certificate issuer — most CAs send reminders 30, 14, and 7 days before expiry. Let's Encrypt certificates are valid for 90 days and should be set to auto-renew. An expired certificate causes browsers to show a security warning and blocks visitors.

SANs are additional hostnames the certificate is valid for. A certificate issued to 'example.com' can also cover 'www.example.com', 'mail.example.com', and other subdomains listed in the SAN field. Wildcard certificates (*.example.com) cover all direct subdomains in a single certificate.

This can happen when the certificate chain is incomplete — the server doesn't send intermediate certificates that link back to a trusted root CA. It can also happen if the hostname doesn't match any SAN in the certificate, or if mixed content (HTTP resources loaded on an HTTPS page) is detected.

This tool connects to the target domain using TLS and reads the public certificate information — validity dates, issuer, and SANs. This is the same data your browser reads when you visit any HTTPS site. No private keys or sensitive data are involved.