DomainDash docs
Get started free

SSL certificates

Catch certificate problems before your visitors do. No more surprise browser warnings.

Overview

Your SSL certificate is the padlock in your browser's address bar. It's what keeps the connection between your visitors and your site private and secure. If your certificate expires or has a problem, browsers will show a scary warning page that stops people from reaching your site. DomainDash keeps an eye on your certificate so you know about issues well before they affect anyone.

What we check

Every time we run an SSL check, we look at several things:

  • Is a certificate present? We make sure your site actually has a certificate installed.
  • Has it expired? Certificates have a fixed lifespan. We track when yours expires and warn you in advance.
  • Does it cover the right domain? A certificate issued for example.com won't work for shop.example.com. We check that your certificate matches the domain we're monitoring.
  • Is the chain trusted? Your certificate is part of a chain that leads back to a trusted authority. If any link in that chain is broken, browsers won't trust it.
  • Is it self-signed? Self-signed certificates aren't trusted by browsers. We flag these so you know to switch to a proper certificate.
  • Is the connection secure? We verify that the TLS (Transport Layer Security) connection, the encryption technology behind HTTPS, is working correctly.

Each check gets a clear pass or fail, so you can see at a glance whether everything is in order.

Understanding your SSL data

The security detail page shows two cards side by side:

Certificate details

This shows the key facts about your current certificate:

  • Covers: the domain name the certificate was issued for
  • Issued by: the certificate authority (like Let's Encrypt, Cloudflare, or DigiCert)
  • Valid from / Expires: the start and end dates of your certificate's lifespan
  • Protocol: the TLS version in use (like TLS 1.3)
  • Chain: whether the certificate chain is trusted

Below these details, a lifespan progress bar shows how far through its validity period your certificate is. As it gets closer to expiry, the bar changes colour to draw your attention.

Security checks

This is a checklist showing whether your certificate passes each of the checks described above. A green tick means everything is fine; a red cross means something needs attention.

Common SSL issues

Expired certificate

This is the most common problem. Your certificate has a fixed lifespan (usually 90 days for Let's Encrypt, or up to a year for paid certificates). When it expires, browsers will block visitors from reaching your site.

What to do: Most hosting providers and CDNs (like Cloudflare, Netlify, or Vercel) renew certificates automatically. If yours expired, check whether auto-renewal failed. If you manage your own certificate, renew it with your certificate provider and install the new one.

Wrong domain

Your certificate was issued for a different domain than the one we're checking. This often happens when you add a new subdomain or switch domains without updating your certificate.

What to do: Get a new certificate that covers the correct domain. If you use a wildcard certificate (like *.example.com), make sure it covers the specific domain you need.

Self-signed certificate

A self-signed certificate wasn't issued by a trusted certificate authority. Browsers will show a warning page telling visitors the connection isn't secure.

What to do: Replace it with a certificate from a trusted provider. Let's Encrypt offers free certificates, and most hosting providers can set one up for you automatically.

Broken certificate chain

Your certificate relies on a chain of trust back to a root authority. If part of that chain is missing, browsers can't verify your certificate.

What to do: This usually means an intermediate certificate is missing from your server configuration. Your hosting provider or certificate authority can help you install the full chain.

TLS connection error

We couldn't establish a secure connection to your site at all. This might mean TLS is misconfigured or disabled on your server.

What to do: Check your server's TLS configuration. Make sure TLS is enabled and that your server supports modern TLS versions (1.2 or 1.3).

Monitor your websites for free

DomainDash checks your uptime, SSL, DNS, and domain registration so you don't have to. Set up in under a minute.

Get started free Learn more