How to check when an HTTPS certificate expires

• Posted 22 February 2024
• Tagged with curl, https

You can check whether a certificate is about to expire using the following openssl command:

openssl s_client -connect example.com:443 </dev/null 2>/dev/null \
  | openssl x509 -checkend "$SECONDS"

This will exit with status 0 if the certificate won’t expire before $SECONDS have passed, and status 1 if it will.

Alternatives considered

• My first thought was to try using curl and parse the output (like this post in Nick Janetakis’s blog) but that felt a bit fragile. Additionally, curl doesn’t print the certificate details if you get an immediate redirect.

  This led me to a Server Fault question, where I was pointed to the openssl x509 command.