Checking expiry dates of SSL certificates

Once again I missed the expiry date of one of the SSL certificates on my server. Therefore I am now using a cronjob to warn me early enough that a certificate is about to expire.

This is the script /usr/local/bin/ssl-cert-check which checks the expiry date of the certificate files passed as arguments:

#!/bin/bash
 
DAYS=30
 
for file in "$@"; do
    openssl x509 -checkend $(( 86400 * $DAYS )) -in "$file" > /dev/null
    if [ $? != 0 ]; then
        echo "==> Certificate $file is about to expire soon:"
        openssl x509 -enddate -in "$file" -noout
    fi
done

And the corresponding cronjob entry checking SSL certificates once a day:

MAILTO=root
6       6    * * *  nobody  /usr/local/bin/ssl-cert-check /etc/apache2/ssl/*.crt /etc/ssl/certs/dovecot.pem

3 thoughts on “Checking expiry dates of SSL certificates

  1. yikchee

    Thanks. This really helpful. I apply this on F5 load balancer device.

  2. Pingback: Let’s Encrypt SSL certificate expiry reminder | hibern8

Leave a Reply

Your email address will not be published.

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.

This site uses Akismet to reduce spam. Learn how your comment data is processed.