Skip to main content

learn.howToCalculate

learn.whatIsHeading

The SSL Certificate Expiry Calculator computes days remaining until an SSL/TLS certificate expires, identifies urgent renewal needs, and calculates renewal reminder dates based on your preferred lead time (default 30 days). SSL/TLS certificates secure HTTPS connections by encrypting data and verifying server identity. Expired certificates cause browser security warnings, broken HTTPS, and erode user trust — making expiry tracking essential for any site or API.

Formula

Days Until Expiry = (Expiry Date − Today) / 86,400,000 ms per day; Renewal Reminder = Expiry Date − Reminder Days
exp
Expiry Date (date) — Certificate notAfter timestamp
iss
Issued Date (date) — Certificate notBefore timestamp

Guida passo passo

  1. 1Enter the certificate expiration date (visible in browser by clicking the padlock icon)
  2. 2Optionally enter the issued date for total validity period and percent-of-life-used calculation
  3. 3Set your reminder lead time in days (30 default; some teams use 14 or 60)
  4. 4Calculator computes days until expiry and renewal reminder date
  5. 5Status: HEALTHY (>30 days), RENEW SOON (within reminder threshold), URGENT (<7 days), EXPIRED (negative days)
  6. 6Pull total certificate validity from issued + expiry dates if both provided
  7. 7Visual bar compares days left to your reminder threshold

Esempi risolti

Ingresso
90 days until expiry, 30-day reminder
Risultato
Healthy, 90 days remaining, renew on day-60 from today
Ingresso
15 days until expiry
Risultato
RENEW SOON status — within 30-day reminder window
Ingresso
Expired 5 days ago
Risultato
EXPIRED status — renew immediately, HTTPS broken on production

Errori comuni da evitare

  • Manually tracking expiration without automated alerts — most outages from expired certs happen because nobody was watching
  • Ignoring intermediate certificates — full chain must be valid, not just the leaf cert
  • Not testing renewal in advance — Let's Encrypt renewals can fail silently due to ACME challenge issues
  • Forgetting wildcard cert renewals affect all subdomains simultaneously

Domande frequenti

How long are SSL certificates valid?

Public CA certificates max 397 days (since Sep 2020). Let's Encrypt issues 90-day certs. Internal CAs can issue longer (some 10+ years). Browser enforced limits prevent certs over 398 days from being trusted.

What happens when a cert expires?

Browsers show security warnings (NET::ERR_CERT_DATE_INVALID), block connections, and damage SEO. API clients reject the connection unless they disable verification (security risk).

Should I automate renewal?

Yes — use certbot/acme.sh for Let's Encrypt, or your cloud provider's certificate manager (AWS ACM, Azure App Service Certificates). Manual renewal is the #1 cause of expiration outages.

Pronto per calcolare? Prova la calcolatrice gratuita di SSL Certificate Expiry

Provalo tu stesso →

Impostazioni

PrivacyTerminiInfo© 2026 PrimeCalcPro