Home Linux Commandline Tools How to Check Let’s Encrypt SSL Certificate Expiration Date

How to Check Let’s Encrypt SSL Certificate Expiration Date

Categories Linux Commandline Tools Leave a comment

Consider this scenario, you have a web app or website up and running and secured by a Let’s Encrypt certificate. The latter statement has no problem until you start wondering when you installed the Let’s Encrypt SSL certificate associated with your domain name and how many days you have towards its expiration.

This article will walk us through a valid solution and also provide an alternate permanent solution so that we do not ever have to worry about the Let’s Encrypt SSL certificate’s expiration dates.

Prerequisites

  • An up-to-date Linux server for performance optimization.
  • A sudoer/root user privileges.
  • A registered domain name.
  • An installed and active Let’s Encrypt SSL Certificate.

Checking Let’s Encrypt SSL Certificate Expiration Date

To know the exact date our SSL certificates expire, we can make use of a Bourne shell script called ssl-cert-checker, which can be retrieved via the wget command in the following manner:

$ wget https://raw.githubusercontent.com/Matty9191/ssl-cert-check/master/ssl-cert-check

Make the script executable using the chmod command:

$ chmod u+x ssl-cert-check

To view all the options associated with the use of the ssl-cert-check script, run:

$ ./ssl-cert-check -h
ssl-cert-check Options
ssl-cert-check Options

To check the Let’s Encrypt SSL certificate expiration date for your domain use the following command.

$ ./ssl-cert-check -c /etc/letsencrypt/live/ubuntumint.com/fullchain.pem

If you can access the .pem certificate file like in the case above, you can still check the status and expiration date by specifying the server (-s) and port (-p) in use:

$ ./ssl-cert-check -s ubuntumint.com -p 443
Check SSL Certificate Expiration Date
Check SSL Certificate Expiration Date

To determine the issuer of the certificate, we will use the -i flag.

$ ./ssl-cert-check -i -s ubuntumint.com -p 443
Check SSL Certificate Issuer
Check SSL Certificate Issuer

Let’s Encrypt SSL Certificate Auto-Renewal

If you do not want to keep worrying about when your SSL certificate will expire, use crontab to configure SSL certificate auto-renewal.

$ sudo crontab -e

For instance, the following crontab entry ensures that an installed SSL certificate is renewed once a month.

  
0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

We can also add another entry for the automatic update of Let’s Encrypt.

0 0 1 * * cd /opt/letsencrypt && git pull
Auto Renew Let's Encrypt SSL Certificate
Auto Renew Let’s Encrypt SSL Certificate

Save and close the file.

We can now be able to check the SSL certificate expiration date of any domain name either from the .pem certificate file or by specifying the server/domain name and port. Hope this article guide was useful, feel free to leave a comment or feedback.

How to Install Let’s Encrypt SSL Certificate on Domain

How to Encrypt and Decrypt a Partition in Linux

Photo of author
Ravi Saive
I am an Experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies. Founder of TecMint.com, LinuxShellTips.com, and Fossmint.com. Over 150+ million people visited my websites.

Each tutorial at UbuntuMint is created by a team of experienced writers so that it meets our high-quality standards.

Was this article helpful? Please add a comment to show your appreciation and support.

RECOMMENDED ARTICLES

Got something to say? Join the discussion.

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published or shared. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.