Check Expiring Certs is a fast and simple tool designed for efficiently monitoring HTTPS certificates expiration. It warns if an SSL/TLS certificate on a specified hosts is due to expire within a configurable number of days.
-
Using Go:
- Install Go (version 1.x or later recommended).
- Run the following command:
go install github.com/ei-grad/check-expiring-certs@latest
-
Alternative Method - Github Releases:
- Download the archive:
- Visit the releases page.
- Choose and download the file for your operating system and platform
(amd64 or arm64). For Mac/Linux, it's a
.tar.gz
file, and for Windows, it's a.zip
file.
- Extract the Archive:
- For Mac/Linux: Use the command
tar -xzf [filename].tar.gz
in the terminal. - For Windows: Right-click the
.zip
file and select "Extract All...".
- For Mac/Linux: Use the command
- Using the Executable:
- For Mac/Linux: In the terminal, navigate to the extracted folder and run
./check-expiring-certs
. - For Windows: Open Command Prompt, navigate to the extracted folder, and
run
check-expiring-certs.exe
.
- For Mac/Linux: In the terminal, navigate to the extracted folder and run
- Download the archive:
Run the command with the following syntax:
check-expiring-certs [options] <host:port> [<host:port> ...]
It exits with return code 1 if any certificates are expiring soon or
connections failed, and writes a message like 'Certificate for host
(common-name
) expires in time-until-expiration
'. Connection errors are also
logged to stdout.
The tool accepts host:port
arguments, defaulting to port 443 if omitted, and
allows server_name:host:port
to specify a different server name for TLS SNI.
-warn N
: Warn if a certificate is expiring within N days (default: 7).-timeout DURATION
: Set a timeout for each connection (default: 2s).-c N
: Specify the number of concurrent checks (default: 128).
-
Checking multiple domains:
check-expiring-certs -warn 14 google.com github.com
-
Custom timeout and checking internal IPs:
check-expiring-certs -warn 30 -timeout 5s 10.0.0.1:8443 192.168.0.5:9443
-
Checking an IPv6 address:
check-expiring-certs [2a02:6b8:a::a]:443
-
Custom IP address to connect:
check-expiring-certs github.com:1.2.3.4:443
This project is licensed under the MIT License.