Skip to main content
DigiCalcs

How to Calculate SSL Certificate Expiry

What is SSL Certificate Expiry?

The SSL Certificate Expiry Calculator computes days remaining until an SSL/TLS certificate expires, identifies urgent renewal needs, and calculates renewal reminder dates based on your preferred lead time (default 30 days). SSL/TLS certificates secure HTTPS connections by encrypting data and verifying server identity. Expired certificates cause browser security warnings, broken HTTPS, and erode user trust — making expiry tracking essential for any site or API.

Formula

Days Until Expiry = (Expiry Date − Today) / 86,400,000 ms per day; Renewal Reminder = Expiry Date − Reminder Days
exp
Expiry Date (date) — Certificate notAfter timestamp
iss
Issued Date (date) — Certificate notBefore timestamp

Step-by-Step Guide

  1. 1Enter the certificate expiration date (visible in browser by clicking the padlock icon)
  2. 2Optionally enter the issued date for total validity period and percent-of-life-used calculation
  3. 3Set your reminder lead time in days (30 default; some teams use 14 or 60)
  4. 4Calculator computes days until expiry and renewal reminder date
  5. 5Status: HEALTHY (>30 days), RENEW SOON (within reminder threshold), URGENT (<7 days), EXPIRED (negative days)
  6. 6Pull total certificate validity from issued + expiry dates if both provided
  7. 7Visual bar compares days left to your reminder threshold

Worked Examples

Input
90 days until expiry, 30-day reminder
Result
Healthy, 90 days remaining, renew on day-60 from today
Input
15 days until expiry
Result
RENEW SOON status — within 30-day reminder window
Input
Expired 5 days ago
Result
EXPIRED status — renew immediately, HTTPS broken on production

Common Mistakes to Avoid

  • Manually tracking expiration without automated alerts — most outages from expired certs happen because nobody was watching
  • Ignoring intermediate certificates — full chain must be valid, not just the leaf cert
  • Not testing renewal in advance — Let's Encrypt renewals can fail silently due to ACME challenge issues
  • Forgetting wildcard cert renewals affect all subdomains simultaneously

Frequently Asked Questions

How long are SSL certificates valid?

Public CA certificates max 397 days (since Sep 2020). Let's Encrypt issues 90-day certs. Internal CAs can issue longer (some 10+ years). Browser enforced limits prevent certs over 398 days from being trusted.

What happens when a cert expires?

Browsers show security warnings (NET::ERR_CERT_DATE_INVALID), block connections, and damage SEO. API clients reject the connection unless they disable verification (security risk).

Should I automate renewal?

Yes — use certbot/acme.sh for Let's Encrypt, or your cloud provider's certificate manager (AWS ACM, Azure App Service Certificates). Manual renewal is the #1 cause of expiration outages.

Ready to calculate? Try the free SSL Certificate Expiry Calculator

Try it yourself →

Settings

PrivacyTermsAbout© 2026 DigiCalcs