Script OpenSSL Monitor Certificate Expiry


Check Certificate Expiry Date

Regular monitoring of SSL expiry dates is essential for maintaining website security. Expired certificates create a security vulnerability, impacting trust and potentially damaging the reputation of the website.

Stay updated on the SSL Certificate expiry date by using OpenSSL to ensure optimal performance and security. Manual checks are time-consuming and prone to error, especially when managing multiple websites. Automated checks ensure proactive security measures, preventing downtime and potential issues.

Let’s Encrypt announced the end of its expiration notification email service. Let’s Encrypt is a free, automated, and open Certificate Authority run by the nonprofit Internet Security Research Group (ISRG).

The focus of this tutorial will be on creating a custom script to check the expiry date of an SSL certificate using either command line OpenSSL or PHP and OpenSSL.

  1. Create a list of domains including subdomains to be tracked.
  2. Choose command line scripting language such as Bash or PHP.
  3. Create a script to check the listed domains.
  4. Manually run the script.
  5. Set up a cronjob to automate the script at least every 2 weeks.

Requirements For OpenSSL

Glossary:

SSL

Secure Sockets Layer is an encryption security protocol.

TLS

Transport Layer Security is a cryptographic protocol for secure communication over a network.

HTTPS

Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol (HTTP).

SSL Certificate

Digital certificate that authenticates a website’s identity and enables an encrypted connection between the web server and the browser.

CA

Certificate Authority or Certification Authority is an entity that stores, signs, and issues digital certificates.

Tools

Programming Tools

Name          Description                             Example
Text editor   For creating and editing source code    Apache Netbeans IDE
SSH           Secure Shell Client                     OpenSSH
Shell Access  Access to the command line.             Terminal

Obtain Certificate Dates Using OpenSSL

# Get SSL Expiry Date Via OpenSSL #
openssl s_client -connect example.com:443 < /dev/null 2>/dev/null | openssl x509 -text | grep "Not After"
# Get SSL Start And Expiry Dates #
openssl s_client -connect example.com:443 < /dev/null 2>/dev/null | openssl x509 -text | grep "Not"

Obtain Certificate Dates Using PHP OpenSSL

<?php
/*
 * check-cert.php
 * 
 * Copyright 2025 Edward Ojambo <http://ojambo.com>
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 * 
 * 
 */
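$domain = "example.com";
$port = 443;

// Ask PHP to keep the peer certificate so it can be read after the handshake.
$contextCreate = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
$res = stream_socket_client("ssl://{$domain}:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $contextCreate);
if ($res === false) {
    // With peer verification on (the PHP default), an expired or invalid certificate also fails here.
    fwrite(STDERR, "Connection to {$domain}:{$port} failed: {$errstr} ({$errno})\n");
    exit(1);
}
$context = stream_context_get_params($res);
$certInfo = openssl_x509_parse($context["options"]["ssl"]["peer_certificate"]);
// validTo_time_t is the certificate's notAfter time as a Unix timestamp.
echo date("Y-m-d H:i:s", $certInfo['validTo_time_t']);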

Optional Cron Job Running Twice A Month

# Runs At Midnight On The 1st And 15th Every Month #
0 0 1,15 * *	/path/to/your/script.sh

Explanation:

  1. Get the certificate using the curl command.
  2. Parse the certificate for the dates.
  3. In pseudocode: compare the current day to the expiry date and then send an email notification to yourself if desired.
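
The steps above can be combined into the script that the cron entry calls. This is an added example, not the article's own script: the domains.txt file name, the 21-day WARN_DAYS threshold and the function names are assumptions, and it relies on GNU date and coreutils timeout.

```shell
#!/usr/bin/env bash
# Added example (not the article's script): report certificates near expiry.
# Usage: ./script.sh domains.txt   # one host per line, '#' starts a comment
# Assumes GNU date and coreutils timeout; domains.txt is a hypothetical name.

WARN_DAYS="${WARN_DAYS:-21}"   # assumed threshold, longer than the 2-week cron gap

# Print the notAfter value of the certificate served on host:443 (empty on failure).
fetch_not_after() {
    # </dev/null stops s_client from swallowing the domain list on stdin.
    timeout 15 openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null \
        | cut -d= -f2
}

# classify NOT_AFTER [NOW_EPOCH] -> prints "OK n", "WARN n", "EXPIRED n" or "UNKNOWN".
classify() {
    local not_after="$1" now="${2:-$(date +%s)}" end secs
    # GNU date turns an empty string into "today", so reject it explicitly.
    [ -n "$not_after" ] || { echo "UNKNOWN"; return 0; }
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo "UNKNOWN"; return 0; }
    secs=$(( end - now ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED $(( secs / 86400 ))"
    elif [ "$secs" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo "WARN $(( secs / 86400 ))"
    else
        echo "OK $(( secs / 86400 ))"
    fi
}

# Only run the loop when a domain list is passed, so the functions can be sourced.
if [ "$#" -ge 1 ]; then
    rc=0
    while IFS= read -r host; do
        case "$host" in ''|'#'*) continue ;; esac
        result=$(classify "$(fetch_not_after "$host")")
        # Stay silent for healthy hosts: cron mails only when something is printed.
        case "$result" in OK*) ;; *) rc=1; echo "$host: $result" ;; esac
    done < "$1"
    exit "$rc"
fi
```

Because cron mails a job's output to the crontab's MAILTO address when a mail transfer agent is configured, printing only the WARN, EXPIRED and UNKNOWN lines doubles as the email notification. UNKNOWN covers hosts that could not be reached or returned no certificate, which deserves the same attention as an expiry warning.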

The Let’s Encrypt acme.sh command was not used because it might change due to the notifications policy change. Using other methods allows the monitoring to take place on the server or remotely, including locally on a workstation.

[Screenshot: OpenSSL command line tool obtaining domain SSL expiry dates]

[Screenshot: PHP OpenSSL extension obtaining domain SSL expiry dates]


Usage

You can run OpenSSL on the command line or use it from PHP as an extension. For this tutorial, OpenSSL was used to obtain the expiry date of a domain's SSL certificate. The curl command line tool and library (libcurl) can be downloaded from curl. The PHP scripting language can be downloaded from PHP. The downloaded file is then extracted directly on the server, or locally before individual files are uploaded if applicable.

Open Source

OpenSSL is licensed under the Apache License 2.0. The permissive license has conditions requiring preservation of copyright and license notices. It allows commercial use, modification, and distribution, and allows making derivatives proprietary; consult the license for more specific details.

The PHP scripting language is licensed under the PHP License. The permissive license has conditions requiring preservation of copyright and license notices. Redistribution is permitted in source or binary form with or without modifications; consult the license for more specific details.

Conclusion:

Let’s Encrypt is a free and easy way to obtain and manage SSL certificates. Manage notifications for your SSL certificates manually or automatically with cron jobs, using OpenSSL on the command line or via PHP.
