/check Command — Instant SSL Certificate Lookup on Telegram

What it does

/check connects to the domain you specify on port 443, fetches the SSL certificate the public internet sees, and replies in your Telegram chat with the parsed details: when it expires, who issued it, what names it covers, and what algorithm it uses.

It's the fastest way to answer "is this certificate okay right now?" without leaving your phone or opening a browser tab.

Syntax

/check <domain>

Examples:

/check example.com

/check api.example.com

/check shop.example.co.uk

The bot accepts a bare domain. No https://, no path, no port. The certificate must be served on the public internet on port 443.

Sample output

🔒 SSL Certificate Check for example.com ✅ Status: Valid (30 days until expiry) 📅 Expires: 2026-06-15 23:59 UTC 📅 Issued: 2026-03-15 00:00 UTC 🏢 Issuer: Let's Encrypt Authority X3 🔖 Subject: CN=example.com, O=Example Corp 🔢 Serial: 03:A7:8B:2F:... 🔐 Algorithm: SHA256-RSA 🌐 Alt Names: example.com, www.example.com

Each emoji marks a separate field, so the response is easy to scan on a phone screen.

Errors explained in plain English

When something is wrong with the certificate, Certimon translates the underlying TLS error into a one-line description so you don't have to decode an OpenSSL error code:

Self-signed certificate

The certificate was not issued by a trusted certificate authority. Browsers will show a warning. Common on local dev environments and misconfigured staging boxes.

Expired certificate

The certificate is past its expiry date. The browser will block the page. Set a /remind so this never happens again.

Hostname mismatch

The domain you asked about isn't covered by the certificate's subject or alt names. Often happens when a CDN serves a default certificate instead of yours.

Connection issues

DNS didn't resolve, the host didn't reply, or port 443 is closed. The cert isn't necessarily broken — the server itself is unreachable.

Certificate chain problem

The intermediate certificate is missing from the bundle. Modern browsers download it automatically; older clients and some monitoring tools don't.

When to use /check vs /remind

/check is a one-off lookup — it tells you the state of the certificate right now. Use it to verify a fresh deployment, debug a customer report, or sanity-check a domain before you start using it.

/remind is the ongoing safety net — it makes Certimon watch the certificate for you and ping you before it expires. See the /remind command guide for the full setup.

Common questions

Does /check store the domain?

No. A bare /check is a one-shot lookup and doesn't add the domain to your watched list. Use /remind to start tracking expiry over time.

Can I check a non-standard port?

/check targets port 443. For ongoing monitoring of a custom port, see the port-suffix syntax in the /remind docs.

Does it work with Cloudflare-proxied domains?

Yes — Certimon checks the certificate the public internet sees, which for proxied domains is Cloudflare's edge cert. That's the cert your visitors actually validate against.

What if the domain is internal?

Certimon can only reach hostnames that resolve and answer publicly. For internal-only services, see the Prometheus SSL guide for an in-cluster check.