SSL Certificate Monitor

What This Does

A CLI tool to monitor SSL/TLS certificates for expiration dates, security issues, and basic compliance checks. Check single domains or multiple domains from a list, get detailed certificate information, and receive alerts before certificates expire.

Key features:

• - Check expiration dates for SSL certificates on domains and subdomains
• Detailed certificate info - issuer, subject, serial number, signature algorithm
• Security validation - check certificate chain, basic trust validation
• Batch monitoring - check multiple domains from a file or list
• Alert thresholds - warn when certificates expire within specified days (default 30 days)
• JSON output - machine-readable output for integration with monitoring systems
• Simple CLI interface - easy to use in scripts or cron jobs
• No external API required - uses Python's SSL/TLS libraries

When To Use

• - You need to monitor SSL certificate expiration for your websites
• You want to automate certificate renewal reminders
• You're managing multiple domains and subdomains
• You need to validate certificate chain and basic security
• You want to integrate SSL monitoring into your DevOps pipeline
• You're auditing domains for certificate compliance
• You need to check certificates on internal servers or development environments

Usage

Basic commands:

CODEBLOCK0

Examples

Example 1: Check single domain expiration

CODEBLOCK1

Output:
CODEBLOCK2

Example 2: Check with warning threshold

CODEBLOCK3

Output (if expiring within 30 days):
CODEBLOCK4

Example 3: Batch check from file

CODEBLOCK5

Output:
CODEBLOCK6

Example 4: JSON output for automation

CODEBLOCK7

Output:
CODEBLOCK8

Example 5: Certificate details

CODEBLOCK9

Output:
CODEBLOCK10

Requirements

• - Python 3.x
• INLINECODE0 library for certificate parsing (installed automatically or via pip)

Install missing dependencies:
CODEBLOCK11

Limitations

• - Only checks TLS certificates on standard ports (custom ports supported via --port)
• Requires network connectivity to target domains
• May be blocked by firewalls or network security policies
• Does not perform deep security audits (no revocation checking, weak cipher detection)
• No support for client certificate authentication
• Limited to standard TLS handshake (no SNI customization)
• May not work with self-signed certificates without custom trust stores
• No support for checking certificate transparency logs
• Rate limiting may affect checking many domains quickly
• No built-in notification system (output only)
• Does not check for mixed content or other web security issues
• No support for checking certificates in load balancers or CDNs directly
• Limited error handling for network timeouts or DNS failures
• No support for checking certificates in mobile apps or other non-web contexts

Directory Structure

The tool works with domain lists as text files (one domain per line). No special configuration directories are required.

Error Handling

• - Connection timeouts show helpful error messages with retry suggestions
• DNS resolution failures suggest checking domain spelling
• Certificate validation errors show certificate details and validation issues
• Port connection failures suggest checking firewall rules or service status
• File not found errors suggest checking file paths and permissions

Contributing

This is a skill built by the Skill Factory. Issues and improvements should be reported through the OpenClaw project.