expiration

How to retrieve the SSL cert expiration date from a PEM encoded certificate?

 in Bash / GNU/Linux  tagged certbot / certificate / enddate / expiration / openssl / PEM / ssl by

We use the following command to get the ending date of PEM encoded certificates that are generated using certbot and Let's Encrypt:

1
openssl x509 -enddate -noout -in fullchain.pem;

To get a list of all certificates and their expiration dates, we issue the following find command that executes the above snippet on each result while printing the name of the file first.

1
find ~/certificates/ -name "fullchain.pem" -print -exec openssl x509 -enddate -noout -in '{}' \;

In this example, the certificates are in our home folder under the name ‘certificates’. The results will look like the following sample:

/home/tux/certificates/example.com/fullchain.pem
notAfter=Aug 22 10:12:55 2021 GMT
/home/tux/certificates/site2.example.com/fullchain.pem
notAfter=Nov 22 03:22:44 2021 GMT