SSL Certificate Check API
Monitor certificate expiry, detect TLS versions, and inspect certificate chains for any domain with a single API call. Catch expiring certs before they cause downtime.
What It Returns
Expiry Date & Days Remaining
The certificate's not_after timestamp and a computed days_until_expiry field so you can set up automated alerts before certificates lapse.
Issuer & Subject
Full issuer details (organization, common name) and the certificate subject. Identify whether a site uses Let's Encrypt, DigiCert, Sectigo, or another CA.
TLS Version
The negotiated TLS protocol version (TLS 1.0, 1.1, 1.2, or 1.3). Flag servers still running deprecated TLS versions that violate PCI DSS or SOC 2 requirements.
Certificate Chain
The full certificate chain from leaf to root CA. Detect missing intermediates, self-signed certificates, and chain configuration errors.
Valid From
The not_before timestamp showing when the certificate was issued. Track renewal frequency and identify recently rotated certificates.
Domain Validation
The certificate's subject alternative names (SANs) and common name. Verify that the certificate actually covers the domain you're checking.
Use Cases
DevOps Certificate Monitoring
Run daily checks across all your domains and get alerted when any certificate is within 30 days of expiry. Prevent outages caused by expired SSL certificates before they happen.
Compliance Audits
Verify TLS versions and certificate configurations across your infrastructure for PCI DSS, SOC 2, and ISO 27001 compliance. Generate machine-readable evidence for auditors.
Vendor Security Assessment
Check third-party vendors' SSL configurations before integration. Identify partners using expired certificates, deprecated TLS versions, or misconfigured certificate chains.
Automated Alerting
Build alerting pipelines that check certificates on a schedule and send Slack, PagerDuty, or email notifications when expiry dates approach or TLS configurations degrade.
How It Works
One GET request returns the complete SSL certificate details as structured JSON.
cURL
curl "https://detectzestack.p.rapidapi.com/v1/certificate/check?url=example.com" \
-H "X-RapidAPI-Key: YOUR_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"Example Response
{
"domain": "example.com",
"certificate": {
"subject": "CN=example.com",
"issuer": "CN=R3, O=Let's Encrypt, C=US",
"not_before": "2026-03-01T00:00:00Z",
"not_after": "2026-05-30T23:59:59Z",
"days_until_expiry": 45,
"serial_number": "03:a1:b2:c3:d4:e5:f6..."
},
"tls_version": "TLS 1.3",
"chain_length": 3,
"response_ms": 342
}Why Use an API vs Manual Checking
| Aspect | Manual Checking | DetectZeStack API |
|---|---|---|
| Scale | One domain at a time in a browser | Hundreds of domains via script or CI/CD |
| Automation | Manual browser clicks | Cron jobs, CI pipelines, monitoring tools |
| Alerting | Calendar reminders (if you remember) | Automated alerts on expiry threshold |
| TLS version detection | Requires openssl CLI knowledge | Included in every response |
| CI/CD integration | Not possible | Add as a deployment gate or post-deploy check |
| Output format | Browser UI / raw openssl text | Structured JSON for any language |
Included in All Plans
Certificate checks count against your existing API quota. No separate pricing, no add-ons.
| Plan | Requests/month | Price |
|---|---|---|
| Basic | 100 | $0/mo |
| Pro | 1,000 | $9/mo |
| Ultra | 10,000 | $29/mo |
| Mega | 50,000 | $79/mo |
Frequently Asked Questions
Can I check SSL certificates programmatically?
Yes. The DetectZeStack SSL Certificate Check API lets you check any domain's SSL certificate with a simple GET request. The API returns the certificate's expiry date, issuer, subject, TLS version, and full certificate chain as structured JSON. No browser or manual inspection needed.
What TLS versions does the API detect?
The API detects TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. Each response includes the negotiated TLS version, so you can identify servers still running deprecated versions that pose security risks and may violate compliance requirements like PCI DSS.
How do I monitor SSL certificate expiry?
Call the certificate check endpoint on a schedule (daily or weekly) and check the days_until_expiry field in the response. Set up alerts when the value drops below your threshold (e.g., 30 days). For a step-by-step guide, read SSL Certificate Check API for DevOps.
Is there a free SSL certificate check API?
Yes. DetectZeStack offers a free tier with 100 API requests per month, which includes the SSL certificate check endpoint. No credit card required. Sign up on RapidAPI to get your free API key in under a minute.
Related Reading
- SSL Certificate Check API for DevOps — Automate cert monitoring in CI/CD pipelines
- Website Security Audit API — Grade security headers and detect vulnerable technologies
- Security Headers API — Check HTTP security headers programmatically
- DNS Intelligence API — Resolve all DNS record types in a single call
Start checking SSL certificates today
Free tier. No credit card required. Get your API key in 30 seconds.
Get Free API Key