A simple script that checks if the SSL/TLS certificate for a given domain(s) will expire within an amount of time.
cert-check is a single Bash script and can be installed by copying it to a
location in your $PATH. For example, I copy it to:
/usr/local/bin
cert-check can be run interactively:
$ cert-check example.com
Multiple domains can be checked:
$ cert-check one.example.com two.example.com
By default cert-check will test if a certificate expires within the next 40
days, but the number of days can be changed using the -d option. To check if
the certificate for example.com expires within the next 14 days, use:
$ cert-check -d 14 example.com
If you supply an email address, an email will be sent when the expiry-status
for a given domain changes. The command below will check the certificate for
the domain example.com and will email foo@example.com if the certificate
will expire (once) or if the certificate will not expire.
$ cert-check -e foo@example.com example.com
If the expiry-status is not known, then an email will be sent. Thus, the first
time cert-check is run for a given domain, it will send an email notifying
the recipient of the current status. Thereafter, emails are only sent when the
status changes.
NOTE: If an email address is supplied, cert-check be be quiet and will
therefore work well with cron. When an email address is not supplied, it is
assumed the command is being run interactively and it is then slightly more
verbose.
Verbosity can be increased by adding the -v or -vv option (the latter being
for debugging purposes).
Add cert-check to cron using:
$ crontab -e
Then add the following line (change email-address and domains as required):
0 1 * * * /usr/local/bin/cert-check -e foo@example.com example.com