# Certificate Health Checks
#### Real-Time SSL Health Report
At the top of the page, you’ll see a confirmation banner:
> *No certificate health checks have failed*
This means your current SSL certificate has passed all critical verification checks.
***
#### 🔍 Certificate Checks Performed
Varsuite Core performs the following automated tests on your certificate:
| Check | Description | Result |
| ------------------------------ | -------------------------------------------------------------- | ------ |
| **Certificate is valid** | Confirms the certificate is recognised and not broken | Passed |
| **Not expiring soon** | Warns if the expiry is approaching | Passed |
| **Correct domain** | Ensures the certificate matches your domain (CN/SAN check) | Passed |
| **Currently active** | Confirms the certificate is already in use (not in the future) | Passed |
| **Not expired** | The certificate is still within its valid date range | Passed |
| **Not self-signed** | Verifies that a trusted certificate authority issued the cert | Passed |
| **Secure hashing algorithm** | Confirms modern, secure algorithms are used (e.g. SHA-256) | Passed |
| **Known public key algorithm** | Uses a widely accepted key type (e.g. RSA or ECDSA) | Passed |
These checks protect you against common SSL misconfigurations, weak security and lapsed certificates.
***
#### Main Certificate Details
In addition to status checks, Varsuite Core displays vital metadata about your current SSL certificate:
| Detail | Example |
| -------------- | ---------------------------------------------- |
| **Issuer** | e.g. `R10` (certificate authority) |
| **Valid From** | e.g. `04/06/2025, 21:23` |
| **Valid To** | e.g. `02/09/2025, 21:23` *(79 days remaining)* |
| **Lifetime** | 89 days (how long the cert was issued for) |
This gives your team all the context needed to plan renewals or monitor for anomalies.
***
#### Why Certificate Monitoring Matters
An expired or invalid SSL certificate can:
* Make your site appear “Not Secure” in browsers
* Trigger email, API, or CDN failures
* Block users from accessing your site
* Hurt your SEO and credibility
Varsuite helps you catch these issues **before** they become public problems.
***
#### Best Practices
* Enable **Alert Rules** to be notified when expiry is approaching (e.g. 30 days remaining)
* Always use certificates from trusted CAs (avoid self-signed certs in production)
* Monitor renewals if using Let's Encrypt or auto-renew systems
* Re-check certificates after server migrations or CDN integrations
***
#### Tip: Integrates With Other Monitoring
The Certificate Health page complements:
* **Uptime Monitoring** – for full HTTPS availability
* **DNS Monitoring** – to verify that A/AAAA records and CNAMEs resolve correctly
* **Application Health Checks** – to catch if SSL breaks site functionality
***
With Varsuite Core’s Certificate Health monitoring, you can sleep easy knowing your SSL setup is always valid, secure and future-proofed. No more embarrassing expired certs or warning screens; just peace of mind.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.vs-core.com/domain-tools/certificate-health-checks.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
