Free SSL/TLS Checker API

Check SSL and TLS certificates from an API or the form below. Get certificate expiry, issuer, hostname match, chain validation, fingerprints, and TLS connection details.

Base URL: https://api.sslchecked.com

Check a site API examples

Free JSON APINo API keys needed for most usage.

Fair use limits300 requests per minute per IP, with short bursts up to 600.

Fast repeat checksLong-lived valid certs are cached longer.

Check a certificate

Try an example:

What it checks

Use SSL Checked when a tool, crawler, or script needs a quick answer on whether a site has a usable certificate.

Certificate presence	Returns `certificate_present` when the host completes a TLS handshake and sends a certificate.
Certificate status	Returns `valid`, `expired`, `not_yet_valid`, `hostname_mismatch`, or `invalid_chain`.
Full certificate data	Includes issuer, subject, SANs, validity dates, fingerprints, key details, and chain summaries.
Safety checks	Blocks private IPs, internal names, localhost, link-local ranges, and other SSRF targets.

API

All API responses are JSON. Invalid certificates still return certificate details when the site presents one, with clear validation errors included in the response.

Single check

Use this endpoint when you want to check one host.

curl https://api.sslchecked.com/v1/check/example.com

Bulk check

Use the bulk endpoint when you have a short list and want one response. Hosts are checked concurrently.

curl -X POST https://api.sslchecked.com/v1/check \
  -H 'Content-Type: application/json' \
  -d '{"hosts":["example.com","github.com","expired.badssl.com"]}'

Response fields

Most free checker tools only need two fields. The full response is there when you need the detail.

Field	Meaning
`certificate_present`	`true` when the host completed a TLS handshake and presented a certificate.
`certificate_status`	One of `valid`, `expired`, `not_yet_valid`, `hostname_mismatch`, or `invalid_chain`.
`certificate.valid_to`	The expiry timestamp. Clients can calculate days remaining from this.
`validation.errors`	Details returned when the certificate cannot be trusted or matched to the hostname.

Caching

Single checks include cache headers. Stable certificates are cached longer, while errors and nearly expired certificates are checked more often.

Expiry window	Cache TTL
> 45 days	7 days
30-45 days	72h
14-30 days	48h
7-14 days	12h
3-7 days	3h
1-3 days	30m
< 1 day, expired, or invalid	10m
DNS errors	60s
Connection, TLS, or timeout errors	10s

Free API limits

Use the free API for lookups, crawlers, and light to medium automation. Per-IP rate limits and a 50-host bulk limit keep checks responsive.

The default limit is 300 requests per minute per IP. The burst value lets a client make up to 600 requests quickly if it has been idle, then the allowance refills at the normal per-minute rate.

Rate-limited responses use 429 and include a Retry-After header.