Cert Expiry Checker

Command-line tool to check SSL certificate expiration dates

ChainTools

Overview

Cert Expiry Checker is a lightweight command-line tool designed to help system administrators and DevOps teams monitor SSL certificate expiration dates across multiple domains. It provides a simple way to check how many days remain until a certificate expires, helping prevent unexpected certificate expirations that could lead to service outages.

SSL certificate monitoring is a critical aspect of maintaining secure and reliable web services. The Cert Expiry Checker makes this task straightforward by providing clear, actionable information about certificate status.

The tool supports checking individual domains or multiple domains at once, with customizable warning thresholds to alert you when certificates are nearing expiration. It's designed to be easily integrated into automated monitoring systems and DevOps workflows.

Key Features

  • Simple Command-line Interface - Check certificate expiration with a single command.
  • Multiple Domain Support - Check multiple domains at once by specifying them as arguments or via a file.
  • Customizable Thresholds - Set custom warning thresholds for when certificates are nearing expiration.
  • Detailed Output - Get comprehensive information about certificate validity, issuer, and expiration date.
  • Exit Codes - Returns specific exit codes based on certificate status, making it suitable for automated monitoring.
  • Easy Integration - Designed to work with monitoring systems, CI/CD pipelines, and cron jobs.

Installation

Cert Expiry Checker can be installed directly from GitHub:

git clone https://github.com/ChainTools-Tech/cert_expiry_checker
cd cert_expiry_checker
chmod +x cert_expiry_checker.sh

Requirements

  • Bash shell environment
  • OpenSSL installed on the system
  • Basic command-line knowledge

Usage

The tool can be used to check a single domain or multiple domains at once:

# Check a single domain
./cert_expiry_checker.sh example.com

# Check multiple domains
./cert_expiry_checker.sh example.com example.org example.net

# Check domains from a file (one domain per line)
./cert_expiry_checker.sh -f domains.txt

# Set a custom warning threshold (default is 30 days)
./cert_expiry_checker.sh -w 60 example.com

# Show detailed certificate information
./cert_expiry_checker.sh -v example.com

Output Examples

Here are examples of the tool's output for different scenarios:

Single Domain Check

$ ./cert_expiry_checker.sh example.com

Checking certificate for example.com:443
Certificate for example.com expires in 87 days (2025-07-18)
Status: OK

Multiple Domain Check

$ ./cert_expiry_checker.sh example.com expired-site.com about-to-expire.com

Checking certificate for example.com:443
Certificate for example.com expires in 87 days (2025-07-18)
Status: OK

Checking certificate for expired-site.com:443
Certificate for expired-site.com has EXPIRED (-45 days) on 2025-03-08
Status: ERROR

Checking certificate for about-to-expire.com:443
Certificate for about-to-expire.com expires in 12 days (2025-05-04)
Status: WARNING (expires soon)

Automation

The Cert Expiry Checker can be easily automated using cron jobs to regularly check your certificates and alert you when they're nearing expiration:

# Add to crontab (crontab -e):
0 8 * * * /path/to/cert_expiry_checker.sh -f /path/to/domains.txt -w 30 | grep -i "warning\|error" | mail -s "Certificate Expiration Alert" admin@example.com

This cron job runs daily at 8:00 AM, checks all domains in a file, and emails alerts for any certificates expiring within 30 days.

Related Resources

  • OpenSSL Documentation - Official documentation for OpenSSL, which powers the certificate checking functionality
  • Let's Encrypt - Free, automated, and open certificate authority
  • SSL Labs - Advanced testing tool for SSL/TLS configurations