Check SSL certificate expiry from the command line.
pip install certguarduv tool install certguardbrew install hamzaplojovic/tap/certguardCheck a single host:
certguard check example.comCheck multiple hosts at once:
certguard check example.com google.com github.comUse a custom port:
certguard check example.com:8443Read hosts from a file (one per line, comments with #):
certguard check --file hosts.txtOutput as JSON:
certguard check example.com --jsonSet a custom warning threshold (default is 30 days):
certguard check example.com --warn-days 14certguard prints a table with one row per host. Columns include the host, port, status, expiry date, days remaining, and certificate issuer.
Status is color-coded:
- OK (green) means the certificate is valid and not expiring soon.
- EXPIRING (yellow) means the certificate expires within the warning threshold.
- EXPIRED (red) means the certificate has already expired.
- ERROR (red) means the connection failed (DNS, timeout, refused, etc.).
The exit code is 0 if all certificates are valid and not expiring soon, or 1 if any certificate is expired, expiring, or unreachable.
| Option | Short | Description |
|---|---|---|
--file PATH |
-f |
Read hosts from a file |
--json |
-j |
Output results as JSON |
--warn-days N |
-w |
Warning threshold in days (default: 30) |
--timeout N |
-t |
Connection timeout in seconds (default: 10) |
--version |
-V |
Show version and exit |
I got tired of manually checking certificate expiry dates across a bunch of domains. I wanted a single command I could run (or throw into a cron job) that tells me which certs are about to expire so I can fix them before they cause downtime. certguard does that and nothing more.
MIT