Let’s Encrypt! Checking your HTTPS certificate expiration date

Let’s Encrypt offers free HTTPS certificate for your website.  The catch is that they are valid for only 90 days so the certificate has to be renewed four times a year.

The instructions here have made it painless to automatically renew the certificates via a cronjob.

However, if you want to manually check the certificates, here’s a nice shell script to give you a quick overview and shows how many days are left.

cert="/etc/letsencrypt/live/site.com/cert.pem"
echo " "
echo "############"
if openssl x509 -checkend 86400 -noout -in $cert
then
  echo "The certificate $cert is good for at least another day!"
  today=`date +%D`
  expiredate=`openssl x509 -enddate -noout -in $cert  | awk -F'=' '{print $2}'`
  expdate="date +%D --date='$expiredate'"
  ed=`eval $expdate`
  daysleft=`echo $(($(($(date -u -d "$ed" "+%s") - $(date -u -d "$today" "+%s"))) / 86400))`
  echo "        Today's date: $today , expiring on: $ed , $daysleft days left to go."
else
  echo "The certificate $cert has expired or will do so within 24 hours!"
  echo "(or is invalid/not found)"
fi
echo "############"
echo " "

The output looks like this:

############
The certificate /etc/letsencrypt/live/site.com/cert.pem is good for at least another day!
        Today's date: 03/08/16 , expiring on: 04/22/16 , 45 days left to go.
############

This entry was posted in Linux. Bookmark the permalink.