With openssl:
openssl x509 -enddate -noout -in file.pem
The output is on the form:
notAfter=Nov 3 22:23:50 2014 GMT
Also see MikeW's answer for how to easily check whether the certificate has expired or not, or whether it will within a certain time period, without having to parse the date above.
Answer from that other guy on Stack Overflow Top answer 1 of 13
1093
With openssl:
openssl x509 -enddate -noout -in file.pem
The output is on the form:
notAfter=Nov 3 22:23:50 2014 GMT
Also see MikeW's answer for how to easily check whether the certificate has expired or not, or whether it will within a certain time period, without having to parse the date above.
2 of 13
260
If you just want to know whether the certificate has expired (or will do so within the next N seconds), the -checkend <seconds> option to openssl x509 will tell you:
if openssl x509 -checkend 86400 -noout -in file.pem
then
echo "Certificate is good for another day!"
else
echo "Certificate has expired or will do so within 24 hours!"
echo "(or is invalid/not found)"
fi
This saves having to do date/time comparisons yourself.
openssl will return an exit code of 0 (zero) if the certificate has not expired and will not do so for the next 86400 seconds, in the example above. If the certificate will have expired or has already done so - or some other error like an invalid/nonexistent file - the return code is 1.
(Of course, it assumes the time/date is set correctly)
Be aware that older versions of openssl have a bug which means if the time specified in checkend is too large, 0 will always be returned (https://github.com/openssl/openssl/issues/6180).
nixCraft
cyberciti.biz › nixcraft › howto › bash shell › how to check tls/ssl certificate expiration date from command-line
How to check TLS/SSL certificate expiration date from command-line
April 16, 2025 - See the following man pages (use the man command or help command) $ man x509 $ man s_client ... Vivek Gite is an expert IT Consultant with over 25 years of experience, specializing in Linux and open source solutions.
GitHub
gist.github.com › cgmartin › 49cd0aefe836932cdc96
Bash SSL Certificate Expiration Check · GitHub
#!/bin/bash file=$(cat /path/to/list/of/domains/list.txt) RECIPIENT="[email protected]" DAYS="3" for line in $file; do echo "checking if $line expires in less than $DAYS days"; expirationdate=$(date -d "$(: | openssl s_client -connect "$line":443 -servername "$line" 2>/dev/null \ | openssl x509 -text \ | grep 'Not After' \ |awk '{print $4,$5,$7}')" '+%s'); indays=$(($(date +%s) + (86400*DAYS))); if [ "$indays" -gt "$expirationdate" ]; then echo "expiring soon" echo "KO - Certificate for $line expires in less than $DAYS days, on $(date -d @"$expirationdate" '+%Y-%m-%d')" \ | mail -s
www.kaper.com
kaper.com › notes › check-ssl-certificate-expire-from-command-line
Check SSL Certificate Expire From Command Line – www.kaper.com
If you want to check SSL Certificate expires from the Linux command line, you can do that like this: echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -datesCode language: Bash (bash) (Of course replace the www.kaper.com by the host ...
GeeksforGeeks
geeksforgeeks.org › linux-unix › how-to-check-tls-ssl-certificate-expiration-date-from-linux-cli
How to check TLS/SSL certificate expiration date from Linux CLI? - GeeksforGeeks
July 23, 2025 - TLS certificates typically include the following details: ... Below are the steps to view the expiration date of TLS/SSL from Linux CLI. Step 1: Open The CLI (Command-Line Interface) by pressing below keyboard keys.
Let's Encrypt
community.letsencrypt.org › help
How to find Certifications Expiry Date - Help - Let's Encrypt Community Support
December 19, 2017 - Good Morning! I have the following doubt: Which command should I run to check the expiration date of my certificates on my server? Operating System: Ubuntu Thank you!
DevOps.dev
blog.devops.dev › list-of-methods-for-checking-the-expiration-date-and-contents-of-ssl-certificate-914dc743ae1
List of Methods for Checking the Expiration Date and Contents of SSL Certificate | by Maciej | DevOps.dev
December 16, 2024 - Collected commands for checking the expiration date and contents of SSL certificates on the command line.
SSL Dragon
ssldragon.com › home › tutorials › openssl tutorials › how to check the ssl certificate expiration date with openssl
How to Check the SSL Certificate Expiration Date with OpenSSL?
February 13, 2025 - You can check certificate expiration with OpenSSL on various platforms. Despite slight differences in command syntax due to operating system variations, the outputs of these commands provide crucial information about the expiration date of your SSL certificates.
Askssl
askssl.com › how-to-check-ssl-certificate-expiration-date-in-linux
How to Check SSL Certificate Expiration Date in Linux – Free SSL Certificates
You can even check expiration dates for certificates on other servers: ... Replace www.example.com with the actual hostname. If you prefer not to use the command line, various online SSL checkers exist.
SSL Dragon
ssldragon.com › home › blog › advanced ssl › how to check an ssl certificate in linux with openssl
How to Check an SSL Certificate in Linux with OpenSSL
October 27, 2025 - Here’s how to check the SSL certificate expiration date in Linux: $ echo | openssl s_client -servername howtouselinux.com -connect yourplc.com:443 2>/dev/null | openssl x509 -noout -dates · You can also use an OpenSSL command to check the ...
Beyond Co., Ltd.
beyondjapan.com › https://beyondjapan.com/en/ › blog › osaka office › how to check the expiration date of a certificate using openssl command/option explanation
How to check the certificate expiration date using openssl command and option explanation | Beyond Co., Ltd.
July 16, 2025 - *This is not an option, but a specification concerning the standard output of Shell (in this environment, bash). Use "|" (pipe) to pass it to a command that loads the contents of the SSL certificate received through communication.
SSLInsights
sslinsights.com › home › wiki › how to check ssl certificate expiration date in linux
How to Check SSL Certificate Expiration Date in Linux
May 13, 2025 - For a faster check SSL certificate expiration date in Linux: curl -Iv https://example.com 2>&1 | grep "expire date" This extracts just the expiry date from the SSL handshake. The certbot check expiration command helps manage Let’s Encrypt ...
Address 1207 Delaware Ave #2838, 19806, Wilmington
Top answer 1 of 2
8
This should work
#!/bin/bash
website="xplosa.com"
certificate_file=$(mktemp)
echo -n | openssl s_client -servername "$website" -connect "$website":443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
date_s=$(date -d "${date}" +%s)
now_s=$(date -d now +%s)
date_diff=$(( (date_s - now_s) / 86400 ))
echo "$website will expire in $date_diff days"
rm "$certificate_file"
2 of 2
2
#!/bin/bash
# Based on https://askubuntu.com/questions/1198619/bash-script-to-calculate-remaining-days-to-expire-ssl-certs-in-a-website
### Read Site Certificate and save as File ###
echo -n | openssl s_client -servername $1 -connect $1:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $1.crt
### Get Full Expiratoin Date ###
date=$(openssl x509 -in $1.crt -enddate -noout | sed "s/.*=\(.*\)/\1/" | awk -F " " '{print $1,$2,$3,$4}')
### Convert Expiration Date in Epoch Format ###
date_s=$(date -j -f "%b %d %T %Y" "$date" "+%s")
### Get Curent Date in Epoch Format ###
now_s=$(date +%s)
### Calculate Time Difference ###
date_diff=$(( (date_s - now_s) / 86400 ))
echo "Certificate for $1 will expire in $date_diff days"
WatchSumo
watchsumo.com › posts › check-ssl-certificate-expiry
WatchSumo | How to Check SSL Certificate Expiration Date Using OpenSSL
Learn to check SSL/TLS certificate expiration dates with OpenSSL commands on Linux
SUSE
suse.com › support › kb › doc
How to determine SSL certificate expiration date from the...
Loading · ×Sorry to interrupt · Refresh
Askssl
askssl.com › how-to-check-ssl-certificate-expiration-date-in-ubuntu
How to Check SSL Certificate Expiration Date in Ubuntu – Free SSL Certificates
OpenSSL is the go-to cryptographic toolkit in Ubuntu (and many other Linux flavors). Here’s how to use it to display a certificate’s expiration date: ... Remember to replace certificate.pem with the actual path to your certificate file. Look for the line “Not After” in the output.
SSLInsights
sslinsights.com › home › wiki › how to check ssl certificate expiration date using openssl
How to Check SSL Certificate Expiration Date Using OpenSSL
May 13, 2025 - Users can check SSL certificate expiration using the OpenSSL command: openssl x509 -enddate -noout -in certificate.pem. This command displays the exact expiration date of the SSL certificate.
Address 1207 Delaware Ave #2838, 19806, Wilmington
How to Use Linux
howtouselinux.com › home › 5 ways to check ssl certificate expiration date
5 Ways to Check SSL Certificate Expiration date - howtouselinux
August 28, 2021 - The openssl s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. It checks whether the certificate is valid, trusted, and complete. ... If an SSL certificate expires, the website will not be ...
Reddit
reddit.com › r/linuxadmin › how do i make my ssl cert expiry date checker application feature rich? (written in bash scripting linux gnu)
r/linuxadmin on Reddit: How do I make my SSL cert expiry date checker application feature rich? (Written in bash scripting linux GNU)
July 28, 2024 -
It's just few lines of code, and it works like a charm. This is what I am planning to do:
-
add error and exception handling (Yes in bash command line)
-
maybe add a gui using dialog but not sure if this is possible will see.
-
What else?
I don't want to use rust etc as I don't know them and I don't have free time to invest on it. All I am planning is to create some bash projects that I can list in my resume. I am 1.5 yoe support production implementor
Top answer 1 of 5
6
Why? U can find out about expiry using openssl: openssl x509 -in /path/to/mycert.pem -noout -enddate
2 of 5
2
Couple of ideas: For monitoring an option to return days/hours/minutes/seconds until expiration and for general scripting maybe simple check for expiration? Eg. to be used in another script to check if end-point cert expired, blurt out error and exit, instead of getting curl/java and whatnot stack traces later.