Question 1

How often should I renew my SSL certificate?

Accepted Answer

Let's Encrypt certificates are valid for 90 days and should be renewed every 60 days (30-day buffer). Certificates from commercial CAs (DigiCert, Sectigo, etc.) are valid for up to 1 year — the 2-year maximum was eliminated in 2020, and Apple, Google, and Mozilla are pushing toward 90-day maximums for all certificates by 2025. The safest approach is to automate renewal using the ACME protocol with Certbot, Caddy, or a hosting provider that handles it natively. Set monitoring alerts at 30 days, 14 days, and 7 days before expiry. An expired certificate causes browsers to block all visitors with a hard security error — there is no bypass for non-technical users.

Question 2

What's the difference between DV, OV, and EV certificates?

Accepted Answer

DV (Domain Validated) certificates only verify that you control the domain. Issuance is automated and takes minutes. They provide the same encryption strength as higher tiers and are sufficient for most websites and APIs. OV (Organization Validated) certificates require the CA to verify your business exists and is legally registered. The verified organization name appears in the certificate details. They are appropriate for corporate websites, B2B platforms, and e-commerce. EV (Extended Validation) certificates require the most rigorous vetting — legal existence, physical address, and phone verification. Historically they triggered a green address bar in browsers, but major browsers removed that UI indicator in 2019 because research showed users did not notice it.

Question 3

Why does my certificate show as self-signed?

Accepted Answer

A self-signed certificate is signed by its own private key instead of a trusted Certificate Authority (CA). Because no recognized CA has vouched for it, browsers cannot verify the identity of the server and display a security warning — NET::ERR_CERT_AUTHORITY_INVALID in Chrome or SEC_ERROR_UNKNOWN_ISSUER in Firefox. Visitors have no way to bypass this warning on mobile browsers. Self-signed certificates are appropriate for localhost development, internal corporate networks with a custom CA installed on devices, and container-to-container communication within a private cluster. For any production site accessible to the public, use a free Let's Encrypt certificate or a paid CA certificate to avoid visitor trust issues and SEO penalties.

SSL Certificate Checker

Ready to inspect

Why Use Our SSL Checker?

Certificate Validity

Expiry Countdown

Issuer Details

SANs & Wildcard

Protocol & Cipher

Fingerprint Check

Frequently Asked Questions

How often should I renew my SSL certificate?

What's the difference between DV, OV, and EV certificates?

Why does my certificate show as self-signed?

SSL is the start of a secure application

SSL Certificate Checker

Ready to inspect

Why Use Our SSL Checker?

Certificate Validity

Expiry Countdown

Issuer Details

SANs & Wildcard

Protocol & Cipher

Fingerprint Check

Frequently Asked Questions

How often should I renew my SSL certificate?

What's the difference between DV, OV, and EV certificates?

Why does my certificate show as self-signed?

SSL is the start of a secure application