Domain Expiry Checker
Check when a domain registration expires and when its SSL certificate expires.
Powered by Geekflare TLS Scan API
What Is a Domain Expiry Checker?
Domain Expiry Checker looks up two independent expiry timelines for any domain in one report: the domain registration expiry from the public RDAP registry, and the SSL certificate expiry from a live TLS handshake via the Geekflare TLS Scan API.
Letting either expire causes immediate problems — an expired domain registration can result in loss of the domain name, while an expired SSL certificate triggers browser security warnings that block visitors.
What the Tool Checks
| Data Point | Source | What It Shows |
|---|---|---|
| Domain expiry date | RDAP (public registry) | When the domain registration expires at the registrar |
| Domain creation date | RDAP | When the domain was first registered |
| Last updated date | RDAP | When the registration record was last changed |
| Registrar | RDAP | The registrar managing the domain's registration |
| Registry statuses | RDAP | Active, locked, transfer-prohibited, and other registry flags |
| SSL certificate expiry | Geekflare TLS Scan API | When the server's current TLS certificate expires |
| SSL issuer | Geekflare TLS Scan API | The certificate authority that issued the certificate |
How to Read the Results
Domain Expires / SSL Expires — Both stat cards show days remaining. Values in green mean more than 30 days remain. Amber means 30 days or fewer. Red means already expired.
Findings panel — Summarizes any action needed. Domains expiring within 60 days trigger a warning so you have time to renew without rushing.
Domain Registration card — Lists all RDAP fields. Registry statuses such as clientTransferProhibited are normal anti-hijack locks; pendingDelete or redemptionPeriod indicate the domain is in a post-expiry grace window.
SSL Certificate card — Shows the certificate's common name, issuing CA, and expiry date. If this card is absent, the domain's HTTPS endpoint was unreachable or returned no TLS data.
Why Both Expiries Matter
| Expiry Type | What Happens If It Lapses |
|---|---|
| Domain registration | Domain enters a grace period, then becomes available for anyone to register. Email, website, and any service tied to the domain stops working. |
| SSL certificate | Browsers display a "Your connection is not private" warning. Most visitors will leave rather than proceed. |
Renew domain registrations at least 30 days before expiry. SSL certificates issued by most CAs are valid for 90 days (Let's Encrypt) or up to 1 year (commercial CAs) — automate renewal where possible.
Frequently Asked Questions
Domain registration dates come from RDAP (Registration Data Access Protocol), the modern successor to WHOIS. The tool queries the IANA RDAP bootstrap, which routes to the authoritative registry for the domain's TLD.
Certificate expiry is retrieved from a live TLS handshake via the Geekflare TLS Scan API, which returns the certificate's expiry date directly from the server.
Some ccTLDs (country-code top-level domains) do not publish RDAP services. In that case, domain registration data will show as unavailable while the SSL certificate expiry is still checked.
Most registrars recommend renewing at least 30 days before expiry. After the expiry date, there is typically a grace period followed by a redemption period — both can be costly. Renewing early avoids accidental lapses.