check-ssl-certs is a PHP script to monitor the expiration status of
SSL/TLS certificates. It can process directories containing
certificates, and it can scan Apache and nginx site configuration files for
certificates to check. It can also check publicly-available
Certificate Transparency Logs, allowing you to monitor certificates outside
your possession and control. (This might be useful to prompt an unreliable
party whose valid certificate you rely upon, to replace a certificate before
it expires.) It will display the status of all certificates in the terminal,
and it sends you email notices when there are certificates within a defined
expiration window.
Concept and Theory of operation:
check-ssl-certs is intended to be run from once or twice a day,
as a cron job, but a systemd service and timer files are also
provided. If any certificates are within the expiration window of
time, an email is sent to an address of your choice. Running check-ssl-certs
manually displays the status of all certificates that it is configured to
monitor. It can handle LetsEncrypt-style directory layouts, and
Apache/nginx directory layouts used by Debian and its derivatives (Ubuntu,
Mint, etc.) I am willing to modify it to work with other *nix
operating systems like Red Hat and its derivatives and the BSDs, if you
assist me with information and testing.
Documentation: Brief help is available when calling check-ssl-certs with its --help option. More detailed help is available by reading the man page. A sample configuration file is supplied as check-ssl-certs.conf-sample.php
You can ask for help with check-ssl-certs on the mailing list.
View the current: README • manpage • License (GPL) • License (BSD)