Glossary Guides

What Is SSL/TLS

Learn what SSL/TLS and HTTPS are, how certificates work, expiry, chains, hostname validation, and common TLS mistakes.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 5 min read Beginner

Introduction

When you visit https://example.com, TLS encrypts the connection and the certificate helps verify you reached the real server for that hostname.

Certificates are issued by certificate authorities (CAs), expire on a schedule, and must match the hostname users type in the browser.

Quick answer

Quick answer

SSL/TLS encrypts traffic between a browser and server. HTTPS is HTTP over TLS. A certificate proves the server identity to clients and enables the padlock icon. TLS is the modern protocol; SSL is the older name still used informally.

What it means

TLS uses a public/private key pair. The server presents a certificate chain clients trust if signed by a recognized CA and matching the requested hostname.

  • HTTPS — secure web traffic using TLS
  • Certificate — proves server identity for a hostname
  • CA — trusted issuer that signs certificates
  • Chain — leaf cert plus intermediate certificates
  • Expiry — certificates must be renewed
  • Hostname mismatch — cert must cover the domain visited

Where you see this:

  • Websites, APIs and login pages
  • E-commerce and payment forms
  • Email submission over SMTPS and webmail HTTPS
  • SEO and browser security requirements
Example
https://example.com    TLS encrypted connection
Certificate covers: example.com, www.example.com
Issuer: Let's Encrypt / DigiCert / etc.

Why this matters

Why this matters

Without valid TLS, browsers show warnings, data can be intercepted, and users lose trust. Expired, self-signed or incomplete chain certificates break HTTPS even when the server is online.

How to check it

  1. Run SSL Checker on your public hostname.
  2. Check expiry date, issuer and covered hostnames.
  3. Verify the certificate chain is complete.
  4. Test in browser for padlock and warning messages.
  5. Use openssl s_client -connect host:443 -servername host for details.

Check SSL certificate

Use SSL Checker to verify certificate validity, expiry, issuer and hostname coverage.

Run SSL Check →

Common mistakes

Expired certificate

High

notAfter date passed; browsers show security warnings.

Next step: Renew and install new certificate before expiry.

Hostname mismatch

High

Cert issued for different name than user visits.

Next step: Reissue certificate including correct SAN names.

Missing intermediate chain

High

Only leaf cert installed; clients cannot build trust.

Next step: Install fullchain.pem or CA bundle.

Mixed content on HTTPS pages

Medium

Page loads over HTTPS but assets use HTTP.

Next step: Update asset URLs to HTTPS or relative paths.

Old TLS versions enabled

Medium

Server allows deprecated TLS 1.0/1.1.

Next step: Disable old protocols; use TLS 1.2+.

Example

Check certificate with openssl
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -dates -subject -issuer

Frequently asked questions

What is the difference between SSL and TLS?

TLS is the modern protocol. SSL refers to older versions. People still say SSL for HTTPS certificates.

Do I need SSL for email?

Webmail and SMTP submission often use TLS. MX delivery uses different mechanisms, but TLS is common for secure mail transport.

What is a self-signed certificate?

A certificate not signed by a public CA. Browsers do not trust it by default.

How often do certificates expire?

Let's Encrypt often uses 90 days. Many commercial certs last up to one year or more depending on CA policy.

Use these free tools to verify your configuration after applying changes.

Browse all Glossary guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.