SSL Certificate Checker, checks local certificates or the Certificate Transparency List at https://crt.sh
https://gothamcode.com/check-ssl-certs
| check-ssl-certs | ||
| check-ssl-certs.1 | ||
| check-ssl-certs.1.scd | ||
| check-ssl-certs.conf-sample.php | ||
| check-ssl-certs.cron | ||
| check-ssl-certs.service | ||
| check-ssl-certs.timer | ||
| INSTALL | ||
| install.sh | ||
| LICENSE | ||
| README | ||
| README.md | ||
check-ssl-certs
SSL Certificate Checker
Displays status of certificates, or emails when there are warnings, expirations, or missing certificates.
To run from cron or a systemd timer: check-ssl-certs --check
To display certificates status in terminal: check-ssl-certs
To display certificates status in terminal sorted by expiration: check-ssl-certs --expires
To display help: check-ssl-certs --help
Manpage: man check-ssl-certs
For Certbot, $certdir should be: /etc/letsencrypt/live
$certdir is the directory the FQDNs are in, ie: /path/to/certs/example.com would be /path/to/certs
Configuration variables you can set in /etc/check-ssl-certs.conf.php
| Variable | Description | Default |
|---|---|---|
| $mailfrom | email address report is sent by | root |
| $mailfromname | name of email sender | SSL Expiration Monitor |
| $mailto | email address report is sent to | root |
| $certdirs | directories LetsEncrypt certs are in | /etc/ssl/dehydrated and /etc/letsencrypt/live |
| $apachesites | directory Apache site configs are in | /etc/apache2/sites-enabled |
| $nginxsites | directory nginx site configs are in | /etc/nginx/sites-enabled |
| $sslexpirewarndays | days before expiration to warn about | 21 |
| $checkwebs | whether or not to check Web site configs | TRUE |
| $checkcertdirs | whether or not to check LetsEncrypt dirs | TRUE |
See: check-ssl-certs.conf-sample.php
Running check-ssl-certs automatically
To run from /etc/cron.d see: check-ssl-certs.cron
To run from systemd timer see: check-ssl-certs.service and check-ssl-certs.timer