cloudflare.com TLS certificate

Certificate details

Subject CN

cloudflare.com

Issuer

Google Trust Services / WE1

Valid from

Mar 12, 2026, 08:59 PM (43d ago)

Valid to

Jun 10, 2026, 09:59 PM (1s ago)

Days remaining

46

Key

EC prime256v1

Signature

ECDSA-PRIME256V1

Hostname match

yes

SHA-256 fingerprint

DA:9F:CA:34:E8:21:86:5E:30:66:DB:0F:02:94:92:01:3B:65:17:F1:4A:AF:5A:69:3A:BD:E9:A4:8A:17:4C:19

Subject Alternative Names (5)

What to try next

Methodology

Probe

We open a TLS handshake to port 443 with the supplied hostname as the SNI, read the peer certificate via getPeerCertificate(true), and validate the hostname against subjectAlternativeName via tls.checkServerIdentity.

Counts as DOWN

The TLS handshake fails entirely (TCP refused, handshake timeout, or rejected ClientHello) — we couldn't read a certificate at all.

Counts as DEGRADED

Reserved for soon-to-expire certificates and warning-only validation issues like a self-signed cert. Browsers may still warn even when our check labels the cert valid.

Detail

All certificate details come from getPeerCertificate(true) on the established socket. We do not enumerate cipher suites, test downgrade attacks, or scan for protocol-level weaknesses; this is read-only certificate inspection.

Cadence

Every 5 minutes, in parallel across 4 monitoring regions (US East Virginia, US West Oregon, Europe London, Asia Singapore).

Rate-limited targets

If a host returns 429 or consistently drops connections from our IPs, we cap retries at 3 and report the last observed status — we do not flood the target to confirm the outage.

Data source

Direct probes from our monitoring infrastructure. We do not aggregate crowd reports, Twitter mentions, or DownDetector signals — every result on this page is a live network request.