Script to check the validity and expiration of a TLS/SSL certificate on a remote host. Supports: TLS SNI and STARTTLS for protocols like SMTP; internationalized domain names with Punycode (uses libidn); allowing self-signed certs as valid; JSON output; any additional s_client options.
This is a simple utility written in Go to check SSL certificates for a list of hosts. Each certificate in the host’s certificate chain is checked for the following:
Expiration date. By default, you will be warned if a certificate will expire within 30 days. This can be adjusted with -years=X, -months=X, and/or -days=X.
Signature algorithm. Some algorithms have already been sunset, others are in the process of being sunset. This can be spammy, so you can disable the check with -check-sig-alg=false.
Command line tool to check the validity and expiration dates of SSL certificates.
Certbot is a widely-used open-source tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt, a free certificate authority. It includes a command-line interface that can be scheduled to check for certificate expiration and automatically renew certificates.
OpenSSL is an open-source toolkit that provides support for secure communication using SSL/TLS protocols. It includes the openssl command-line tool, whose subcommands such as x509 can be used to view certificate details, including the expiration date. By scripting these commands, you can create a custom solution to periodically check certificate expiration.
Monitoror is an open-source monitoring application that allows you to create custom dashboards to track various metrics. It has a plugin called “CertExpiry” that can be used to monitor SSL certificate expiration. You can self-host Monitoror and configure it to check the expiration date of your SSL certificates.
Zabbix is an open-source monitoring solution that can be extended to perform SSL certificate expiration checks. By using the built-in features of Zabbix, you can configure it to monitor SSL certificates and send alerts when the expiration date is approaching.
Nagios is a popular open-source monitoring system that can be extended with plugins to check SSL certificate expiration. There are various plugins available, such as check_ssl_cert and check_http, that can be configured to monitor SSL certificates and generate alerts when certificates are about to expire.
Prometheus + Blackbox Exporter:
Prometheus is an open-source monitoring and alerting system, and the Blackbox Exporter is a component that allows for probing and monitoring various endpoints. By configuring the Blackbox Exporter to check SSL certificates’ expiration dates, you can monitor certificate validity and set up alerts accordingly.