check-ssl-certs

check-ssl-certs

check-ssl-certs is a PHP script to monitor the expiration status of SSL/TLS certificates.  It can process directories containing certificates, and it can scan Apache and nginx site configuration files for certificates to check.  It can also check publicly-available Certificate Transparency Logs, allowing you to monitor certificates outside your possession and control. (This might be useful to prompt an unreliable party whose valid certificate you rely upon, to replace a certificate before it expires.) It will display the status of all certificates in the terminal, and it sends you email notices when there are certificates within a defined expiration window.

Concept and Theory of operation:
check-ssl-certs is intended to be run from once or twice a day, as a cron job, but a systemd service and timer files are also provided.  If any certificates are within the expiration window of time, an email is sent to an address of your choice.  Running check-ssl-certs manually displays the status of all certificates that it is configured to monitor.  It can handle LetsEncrypt-style directory layouts, and Apache/nginx directory layouts used by Debian and its derivatives (Ubuntu, Mint, etc.)  I am willing to modify it to work with other *nix operating systems like Red Hat and its derivatives and the BSDs, if you assist me with information and testing.

Documentation: Brief help is available when calling check-ssl-certs with its --help option. More detailed help is available by reading the man page. A sample configuration file is supplied as check-ssl-certs.conf-sample.php

License, Documentation:

View the current: README • License (GPL)

Version history:

Requirements, Download(s):

Requires PHP-CLI 7.4 or greater.   It needs to have PCRE, and POSIX compiled in or loaded as an extension.  Virtually all PHP installations meet this requirement.

Home