NOTES INDEX This page is part of the collection of "notes" - these can be considered to be micro-blogs.
Check SSL Certificate Expire From Command Line

Check SSL Certificate Expire From Command Line

If you want to check SSL Certificate expires from the Linux command line, you can do that like this:

echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -datesCode language: Bash (bash)

(Of course replace the www.kaper.com by the host you want to check).

Here’s a full example run:

$ echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -dates
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.kaper.com
verify return:1
DONE
notBefore=Nov 30 23:17:48 2021 GMT
notAfter=Feb 28 23:17:47 2022 GMT
Code language: Bash (bash)

If you want to see some more details (for example to get a copy of the public certificates), use:

echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443Code language: Bash (bash)

Don’t have openssl client? And you do not want to install it locally? You can also run it in docker:

# start an ubuntu image
docker run -ti --rm ubuntu

# inside the image, run:

apt-get update
apt-get install -y openssl
echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443
exitCode language: Bash (bash)

Note: you can use the openssl check also for other transports than https. Just use 636 for ldaps for example.


Addition, June 15, 2023:


From the tip of Stephen, you can also do it like this, just using curl and grep (example for google.com):

$ curl --insecure -vvI https://google.com 2>&1 | grep -e "start date:" -e "expire date:"

*  start date: Jun 19 08:16:09 2023 GMT
*  expire date: Sep 11 08:16:08 2023 GMTCode language: JavaScript (javascript)

Thanks Stephen!

December 19, 2021

2 thoughts on “Check SSL Certificate Expire From Command Line

    1. Thanks! But why does that script need root permissions? I would try to remove that if possible 😉 // (Ah, I see, to install it in /usr/local/bin, never mind, that’s fine).

Leave a Reply

Your email address will not be published. Required fields are marked *