Your SSL certificate keeps your website traffic encrypted between your server and your visitor. It is very important to ensure your SSL certificate is not just valid in terms of expiry, but also that the certificate chain is not broken, or that the wrong domain name has been issued.
What is an SSL Certificate?
Your SSL certificate is issued by an authority who hold a master certificate called a 'Root Certificate'. Those authorities, called Certificate Authorities (CA), are trusted by the likes of Microsoft, Google, Apple and Mozilla, who ship references to the root certificates with their products (browsers, operating systems, etc).
An SSL certificate is an extension of the root certificate that shows that the owner of the server has encrypted the traffic. That doesn't necessarily mean that the owner of the website or SSL certificate can be trusted though, just that the website traffic is encrypted using a proper certificate.
Although anyone can create a technically valid SSL certificate by being their own certificate authority (it's a very simple process, and common for developers to do for debugging and local testing) only SSL certificates from a valid certificate authority will produce a clean, error-free experience for the user.
What do we check your SSL for?
A number of things. SSL certificates expire. This is particularly important for Let's Encrypt certificates, which are often renewed every 30 days instead of the normal annual cycle. We'll ensure your certificate is in date.
You'll want to ensure your SSL certificate is actually being loaded too. It can often happen that there are multiple SSL certificates on a server, but it's important the right one is loaded. A change in server configuration can easily knock out your certificate, and this might not happen until a reboot of the server or apache/nginx (web server software). We'll check your SSL is loaded and is being used in the correct way.
SSL certificates are tied to a specific domain name. They come in different forms, with the most common SSL certificate being linked to a single domain name (and the www. counter-part, often). Other certificates, such as a wildcard certificate, can be linked to multiple domain names. However, they all need to be attributed to a domain name, and if the domain name of your website doesn't match that of the certificate you'll end up with errors for your users. We'll check to ensure this doesn't happen.
When do we check?
Our SSL validity checks run on a daily basis. Like all our checks, you can run them manually at any time and check the results once the check has run.
In addition to the validity check we also have an expiry check, which will alert you to upcoming renewals for your SSL certificate to ensure there is no lapse. This is important for all certificates, but can often highlight issues with Let's Encrypt renewal failures before they pose an issue to your users.