Consider this scenario, you have a web app or website up and running and secured by a Let’s Encrypt certificate. The latter statement has no problem until you start wondering when you installed the Let’s Encrypt SSL certificate associated with your domain name and how many days you have towards its expiration.
This article will walk us through a valid solution and also provide an alternate permanent solution so that we do not ever have to worry about the Let’s Encrypt SSL certificate’s expiration dates.
- An up-to-date Linux server for performance optimization.
- A sudoer/root user privileges.
- A registered domain name.
- An installed and active Let’s Encrypt SSL Certificate.
Checking Let’s Encrypt SSL Certificate Expiration Date
To know the exact date our SSL certificates expire, we can make use of a Bourne shell script called ssl-cert-checker, which can be retrieved via the wget command in the following manner:
$ wget https://raw.githubusercontent.com/Matty9191/ssl-cert-check/master/ssl-cert-check
Make the script executable using the chmod command:
$ chmod u+x ssl-cert-check
To view all the options associated with the use of the ssl-cert-check script, run:
$ ./ssl-cert-check -h
To check the Let’s Encrypt SSL certificate expiration date for your domain use the following command.
$ ./ssl-cert-check -c /etc/letsencrypt/live/linuxshelltips.com/fullchain.pem
If you can access the
.pem certificate file like in the case above, you can still check the status and expiration date by specifying the server
(-s) and port
(-p) in use:
$ ./ssl-cert-check -s linuxshelltips.com -p 443
To determine the issuer of the certificate, we will use the
$ ./ssl-cert-check -i -s linuxshelltips.com -p 443
Let’s Encrypt SSL Certificate Auto-Renewal
If you do not want to keep worrying about when your SSL certificate will expire, use crontab to configure SSL certificate auto-renewal.
$ sudo crontab -e
For instance, the following crontab entry ensures that an installed SSL certificate is renewed once a month.
0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
We can also add another entry for the automatic update of Let’s Encrypt.
0 0 1 * * cd /opt/letsencrypt && git pull
Save and close the file.
We can now be able to check the SSL certificate expiration date of any domain name either from the
.pem certificate file or by specifying the server/domain name and port. Hope this article guide was useful, feel free to leave a comment or feedback.