How to display days till certificate expiration

Use openssl command line utility to calculate and display days till certificate expiration.

#!/bin/bash
# Print the number of days till certificate expiration
#
# Example:
#   $ check_cert.sh sleeplessbeastie.eu
#   81
#   $ check_cert.sh lwn.net
#   630
#
# Exit codes:
#   0   - certificate is not expired
#   1   - certificate is     expired
#   254 - certificate is empty
#   255 - DNS resolution failed
#

# temporary file to store certificate
certificate_file=$(mktemp)

# delete temporary file on exit
trap "unlink $certificate_file" EXIT

if [ "$#" -eq "1" ]; then
  website="$1"
  host "$website" >&-
  if [ "$?" -eq "0" ]; then
    echo -n | openssl s_client -servername "$website" -connect "$website":443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
    certificate_size=$(stat -c "%s" $certificate_file)
    if [ "$certificate_size" -gt "1" ]; then
      date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
      date_s=$(date -d "${date}" +%s)
      now_s=$(date -d now +%s)
      date_diff=$(( (date_s - now_s) / 86400 ))
      echo "$date_diff"
      if [ "$date_s" -gt "$now_s" ]; then
        exit 0 # ok
      else
        exit 1 # not ok
      fi
    else
      exit 254
    fi
  else
    exit 255
  fi
fi

Sample usage.

$ check_cert.sh sleeplessbeastie.eu
81
$ check_cert.sh lwn.net
630

You can easily extend it to provide more detailed information.

Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu