Skip to content

14ten/certcheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits
.github
.github
 
 
examples
examples
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
.goreleaser.yml
.goreleaser.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
checker.go
checker.go
 
 
checker_err_test.go
checker_err_test.go
 
 
checker_issuer_test.go
checker_issuer_test.go
 
 
checker_test.go
checker_test.go
 
 
color.go
color.go
 
 
go.mod
go.mod
 
 
input.go
input.go
 
 
input_test.go
input_test.go
 
 
main.go
main.go
 
 
output.go
output.go
 
 
output_bench_test.go
output_bench_test.go
 
 
output_csv_test.go
output_csv_test.go
 
 
output_status_test.go
output_status_test.go
 
 
output_test.go
output_test.go
 
 
version.go
version.go
 
 

Repository files navigation

certcheck

ci go report license

A small Go CLI that checks TLS certificate expiry across a list of hosts. Useful for daily cron jobs, monitoring pipelines, or a quick sanity check.

Install

# from source
go install github.com/14ten/certcheck@latest

# docker
docker run --rm ghcr.io/14ten/certcheck:latest example.com

Pre-built binaries (linux / macOS / windows on amd64 + arm64) are attached to each release.

Usage

# Arguments
certcheck example.com github.com:443 cloudflare.com

# Stdin (one host per line, # comments allowed)
cat hosts.txt | certcheck --json

# Tighter thresholds
certcheck --warn-days 14 --crit-days 3 example.com

Output

HOST          EXPIRES     DAYS  STATUS  ISSUER
example.com   2026-08-12  82    OK      DigiCert TLS RSA SHA256 2020 CA1
api.test      2026-06-04  13    WARN    Let's Encrypt R3
expired.test  -           -     ERR     tls handshake failed

Flags

Flag Default Description
--warn-days 30 Warn when cert expires within N days
--crit-days 7 Critical when cert expires within N days
--json false Emit JSON instead of a table
--workers 8 Concurrent checks
--timeout 5s Per-host TLS dial timeout

Exit codes

Code Meaning
0 all certs OK
1 at least one WARN
2 at least one CRIT
3 a check errored

Exit codes are designed to plug straight into Nagios-style monitoring.

License

MIT — see LICENSE.

About

Small Go CLI for TLS certificate expiry monitoring

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages