Check SSL Certificate Expire From Command Line
If you want to check SSL Certificate expires from the Linux command line, you can do that like this:
echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -dates
Code language: Bash (bash)
(Of course replace the www.kaper.com by the host you want to check).
Here’s a full example run:
$ echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -dates
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.kaper.com
verify return:1
DONE
notBefore=Nov 30 23:17:48 2021 GMT
notAfter=Feb 28 23:17:47 2022 GMT
Code language: Bash (bash)
If you want to see some more details (for example to get a copy of the public certificates), use:
echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443
Code language: Bash (bash)
Don’t have openssl client? And you do not want to install it locally? You can also run it in docker:
# start an ubuntu image
docker run -ti --rm ubuntu
# inside the image, run:
apt-get update
apt-get install -y openssl
echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443
exit
Code language: Bash (bash)
Note: you can use the openssl check also for other transports than https. Just use 636 for ldaps for example.