How to Check Let’s Encrypt SSL Certificate Expiration Date

Consider this scenario, you have a web app or website up and running and secured by a Let’s Encrypt certificate. The latter statement has no problem until you start wondering when you installed the Let’s Encrypt SSL certificate associated with your domain name and how many days you have towards its expiration.

This article will walk us through a valid solution and also provide an alternate permanent solution so that we do not ever have to worry about the Let’s Encrypt SSL certificate’s expiration dates.

Prerequisites

  • An up-to-date Linux server for performance optimization.
  • A sudoer/root user privileges.
  • A registered domain name.
  • An installed and active Let’s Encrypt SSL Certificate.

Checking Let’s Encrypt SSL Certificate Expiration Date

To know the exact date our SSL certificates expire, we can make use of a Bourne shell script called ssl-cert-checker, which can be retrieved via the wget command in the following manner:

$ wget https://raw.githubusercontent.com/Matty9191/ssl-cert-check/master/ssl-cert-check

Make the script executable using the chmod command:

$ chmod u+x ssl-cert-check

To view all the options associated with the use of the ssl-cert-check script, run:

$ ./ssl-cert-check -h 
ssl-cert-check Options
ssl-cert-check Options

To check the Let’s Encrypt SSL certificate expiration date for your domain use the following command.

$ ./ssl-cert-check -c /etc/letsencrypt/live/linuxshelltips.com/fullchain.pem

If you can access the .pem certificate file like in the case above, you can still check the status and expiration date by specifying the server (-s) and port (-p) in use:

$ ./ssl-cert-check -s linuxshelltips.com -p 443 
Check SSL Certificate Expiration Date
Check SSL Certificate Expiration Date

To determine the issuer of the certificate, we will use the -i flag.

$ ./ssl-cert-check -i -s linuxshelltips.com -p 443 
Check SSL Certificate Issuer
Check SSL Certificate Issuer

Let’s Encrypt SSL Certificate Auto-Renewal

If you do not want to keep worrying about when your SSL certificate will expire, use crontab to configure SSL certificate auto-renewal.

$ sudo crontab -e 

For instance, the following crontab entry ensures that an installed SSL certificate is renewed once a month.

  
0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

We can also add another entry for the automatic update of Let’s Encrypt.

0 0 1 * * cd /opt/letsencrypt && git pull
Auto Renew Let's Encrypt SSL Certificate
Auto Renew Let’s Encrypt SSL Certificate

Save and close the file.

We can now be able to check the SSL certificate expiration date of any domain name either from the .pem certificate file or by specifying the server/domain name and port. Hope this article guide was useful, feel free to leave a comment or feedback.

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.