🔒 TLS Certificate Inspector

Look up every certificate ever issued for a hostname. Browsers can't inspect the cert your TLS connection actually used directly from JavaScript, but the public Certificate Transparency log records every cert issued by a public CA — so we can show you the full history of issued certs for the name.

Hostname or domain

Try:

Total certs

—

Currently valid

—

Expired

—

Unique issuers

—

Most recent

—

Certificate history

Issued	Expires	Issuer	Common Name	Subject Alternative Names

Newest first. Up to 50 results shown. The full history is on crt.sh ↗.

📚 What this tool can and can't tell you

Can: see every cert publicly issued for a hostname (after mid-2018 all WebPKI certs must be CT-logged).
Can: spot rogue or unexpected certs issued for your domain — useful for breach detection.
Can: see what CAs your domain has used over time.
Can't: tell you which cert your browser is currently using for a TLS connection — JavaScript has no API for that. Use your browser's URL-bar lock icon or openssl s_client -connect host:443.
Can't: see private CA certs (internal intranet CAs). CT only logs public WebPKI.

⚠️ Third-party dependency

Lookups are sent directly from your browser to crt.sh, Sectigo's public Certificate Transparency search service. FunWithText is not in the path — the hostname you type is visible to crt.sh because the request goes there. crt.sh sees your IP and the query, the same as any ordinary website you visit. No data is sent to FunWithText.

🧰 Related privacy tools

🌐 What's My IP 🛰️ DNS Leak Test 📬 HTTP Headers ✉️ Email Headers