TLS / SSL certificate

wikipedia.org TLS certificate

wikipedia.org port 443 208.80.154.224

VALID

Valid certificate — 72 days remaining.

TLS · 56ms

1s ago

What this means

Browsers will accept this certificate. Plan a renewal before the expiry date below — most CAs auto-renew at 30 days remaining.

Certificate details

Subject CN: *.wikipedia.org
Issuer: Let's Encrypt / E7
Valid from: Apr 7, 2026, 08:52 PM (17d ago)
Valid to: Jul 6, 2026, 08:52 PM (1s ago)
Days remaining: 72
Key: EC prime256v1
Signature: ECDSA-PRIME256V1
Hostname match: yes
SHA-256 fingerprint: 47:20:A8:6F:44:0E:B4:8C:97:92:E5:CB:A9:C8:FE:8B:12:7C:80:6F:15:EA:60:75:07:24:BF:33:25:49:7A:9B

Subject Alternative Names (41)

*.m.mediawiki.org*.m.wikibooks.org*.m.wikidata.org*.m.wikimedia.org*.m.wikinews.org*.m.wikipedia.org*.m.wikiquote.org*.m.wikisource.org*.m.wikiversity.org*.m.wikivoyage.org*.m.wiktionary.org*.mediawiki.org +29 more

What to try next

Full HTTP probe

Run /check/wikipedia.org to see live HTTP status, response time, and 24h history alongside this cert.

Renewal reminder

Set a 30-day-before-expiry calendar reminder. Most outages caused by expired certs come from missed renewals.

Check related

Compare with related services or apex/subdomain combinations to spot inconsistencies.

Methodology

Probe: We open a TLS handshake to port 443 with the supplied hostname as the SNI, read the peer certificate via getPeerCertificate(true), and validate the hostname against subjectAlternativeName via tls.checkServerIdentity.
Counts as DOWN: The TLS handshake fails entirely (TCP refused, handshake timeout, or rejected ClientHello) — we couldn't read a certificate at all.
Counts as DEGRADED: Reserved for soon-to-expire certificates and warning-only validation issues like a self-signed cert. Browsers may still warn even when our check labels the cert valid.
Detail: All certificate details come from getPeerCertificate(true) on the established socket. We do not enumerate cipher suites, test downgrade attacks, or scan for protocol-level weaknesses; this is read-only certificate inspection.
Cadence: Every 5 minutes, in parallel across 4 monitoring regions (US East Virginia, US West Oregon, Europe London, Asia Singapore).
Rate-limited targets: If a host returns 429 or consistently drops connections from our IPs, we cap retries at 3 and report the last observed status — we do not flood the target to confirm the outage.
Data source: Direct probes from our monitoring infrastructure. We do not aggregate crowd reports, Twitter mentions, or DownDetector signals — every result on this page is a live network request.