SSL Certificate
Checks that the SSL certificate is valid, not expired, and not expiring soon.
What this check measures
We read the TLS certificate chain and check: issuer (trusted CA), subject matches the domain, not-before and not-after dates. Flag certs expiring in under 14 days.
Why it matters
An expired certificate makes the site inaccessible — browsers show full-page warnings. Losing access to your site, even for an hour, damages trust and costs conversions. Auto-renewal usually works but sometimes fails silently.
How our audit detects it
TLS handshake to parse certificate. Verify chain against known CAs. Calculate days until expiry.
Typical findings
- error_outlineCert expires in 5 days — auto-renew probably failed.
- error_outlineCert issued for wrong subject (e.g., only www, but you serve apex).
- error_outlineSelf-signed cert in production — browsers block.
How to fix
Enable auto-renewal via Let's Encrypt (all major hosts support this). Monitor expiry — set a calendar reminder or an uptime alert. Include both www and apex in the cert.
Frequently asked questions
How often does Let's Encrypt renew?expand_more
Want this checked on your site?
Pantra runs the full audit (SEO, Security, GEO, Performance, Schema, Technical, Images) in 10 seconds and generates stack-specific fix prompts.
Scan my siteRelated checks
HTTPS Enabled
Checks that the site serves over HTTPS and redirects HTTP to HTTPS.
SecurityTLS Version
Checks that the server uses TLS 1.2 or higher — older versions are broken.
SecurityMixed Content
Checks for HTTP resources loaded on HTTPS pages — browsers block or warn.
SecurityHSTS Header
Checks for Strict-Transport-Security header — blocks HTTPS downgrade attacks.