What is this
The TLS certificate is the file that secures your site with HTTPS. We check whether it is valid, whether it matches your hostname, and whether the chain is fully signed by a trusted CA.
Why it matters
An invalid or untrusted certificate triggers a red browser warning. Visitors leave, forms never reach you, mail clients refuse to connect.
How to fix it
TransIP: Open Web hosting > package > SSL. Enable a Let's Encrypt certificate (free, auto-renewal). Or upload your own certificate with the correct chain.
CloudFlare: SSL/TLS > Edge Certificates. Universal SSL is on by default. For strict end-to-end, switch to Full (strict) and put an Origin Certificate on your origin.
Strato or Antagonist: Request a Let's Encrypt certificate for your domain from the customer panel. Antagonist handles renewal automatically.
Other: Request a certificate via Let's Encrypt (certbot), ZeroSSL, or a commercial CA. Install cert + intermediates in your web server, restart, set up auto-renew.
Verify
curl -vI https://yourdomain.com 2>&1 | grep -E 'subject|issuer' or SSL Labs. An A or A+ score with a complete chain = good.