Domain & SSL Health Check
An expired SSL certificate takes your website offline and shreds customer trust in a single browser warning — and broken DNS or a blacklisted mail server quietly kills your email. Enter your domain to check the SSL/TLS certificate (issuer, expiry and hostname match), your DNS records and common mail blacklists live, then get a clear, prioritised list of what to fix.
Domain health for —
—
SSL/TLS certificate
DNS & resolution
Mail blacklists best-effort
We resolve your domain’s IP and query a couple of public DNS blacklists (DNSBLs) via public resolvers. This is a quick indicator only — public-resolver checks can be rate-limited or inconclusive, so treat a clean result as reassuring but not definitive.
Prioritised fixes
Strong result — the certificate is valid, DNS resolves cleanly and we found no blacklist hits. Keep certificate auto-renewal and expiry monitoring switched on so nothing lapses.
Use — Guide
How to use this tool
- Enter your domain name — for example, yourbusiness.com.au — and press "Check my domain".
- The tool runs DNS lookups from your browser and contacts our server-side SSL proxy simultaneously; results appear within seconds.
- Read the overall health band — Healthy, Needs attention or Critical — and the certificate headline showing days remaining.
- Review the SSL/TLS section for certificate validity, expiry date and hostname match, then check the DNS section for A, NS, MX and AAAA records.
- Scan the mail blacklists section for any listings that would affect email deliverability.
- Follow the prioritised fixes list, or send your result to Peritus Digital for help resolving any flagged issues.
FAQ — Questions
Frequently asked questions
01Is my domain checked server-side or from my browser?
DNS checks (A, MX, NS records) run directly from your browser using public DNS-over-HTTPS, so nothing is sent to Peritus Digital. The SSL/TLS certificate check calls our server-side proxy at /api/ssl-check.php, which performs the TLS handshake on your behalf — only the domain name is transmitted, no personal data.
02My SSL certificate says it's valid but the check flagged a hostname mismatch — why?
A hostname mismatch means the certificate was issued for a different domain name than the one you're visiting. Common causes: the certificate covers www.yourdomain.com but not yourdomain.com (or vice versa), or a wildcard certificate doesn't cover the subdomain you checked. Browsers show the same security warning for a mismatch as for an expired certificate.
03Why does SSL expiry matter — can't I just renew it when it expires?
When a certificate expires, every browser immediately shows a full-page security warning that blocks visitors from reaching your site. Renewals can fail silently (especially on shared hosting) and outages often happen at weekends or outside business hours. Auto-renewal and expiry monitoring are the only reliable defences.
04What is a mail blacklist and how do I get off one?
Mail blacklists (DNSBLs) are real-time databases of IP addresses known to send spam or malware. If your sending IP is listed, mail providers may silently reject or spam-folder your emails. To delist: identify why you were listed (often a compromised account or neighbour on shared hosting), fix the root cause, then request removal via the blacklist's own removal form.
More — Keep exploring
Related free tools
Want hands-on help, not just a check? Explore ourCyber Security service.
Let’s keep your domain healthy
These gaps leave you exposed — let's close them.
Our Newcastle team sets up automated SSL renewal and expiry monitoring, fixes DNS and mail-deliverability problems, and keeps your domain off blacklists — so your site stays up and your email lands in the inbox. Send your result through and we’ll come back with clear next steps.
Prefer to talk? Call 02 4081 9500.
