Top Open‑Source Tools to Monitor HTTPS Certificate Expiration

Monitoring HTTPS certificate expiration is often overlooked; while many focus on infrastructure, applications, middleware, and observability, the simple act of checking certificate validity remains essential for reliable operations.

1. blackbox_exporter

Blackbox Exporter is an official Prometheus black‑box monitoring solution that can probe HTTP, HTTPS, DNS, TCP and ICMP.

HTTP test: define request headers and verify status, response headers, and body content.

TCP test: monitor service port status and define application‑layer protocols.

ICMP test: host liveness checks.

POST test: interface connectivity.

SSL certificate expiration monitoring.

2. EaseProbe

A simple, standalone, lightweight tool written in Go for health and status checks.

Performs probing, notification, and reporting.

Supports HTTP, TCP, SSH, SSL certificates, and various database/message‑queue services.

Multiple notification channels: email, Slack, Discord, Telegram, Feishu, etc.

Customizable alert routing and scheduled reports.

3. uptime‑kuma

An open‑source self‑hosted online uptime monitoring tool.

Monitors HTTP(s), TCP, keyword‑based HTTP(s), Ping, DNS records, push services, Steam Game Server, and more.

Rich notification channels including Telegram, Discord, Gotify, Slack, Pushover, SMTP and over 70 other services.

Supports multiple languages, provides clean status pages, ping charts, and certificate monitoring.

4. domain‑admin

A domain and SSL‑certificate monitoring platform built with Python and Vue 3.

Open‑source platform for domain and SSL certificate monitoring.

Automatic email reminders before certificate expiration.

Handles certificates from different providers to avoid missed renewals.

Runs on macOS, Linux and Windows.

5. Simple shell script

A Bash script that retrieves a certificate via

openssl s_client

, extracts the start and end dates, converts them to timestamps, and prints the remaining days.

<code># Fill in domain and port

domain="${1:-www.baidu.com}"
port="${2:-443}"

# Get certificate info
cert_info=$(echo | openssl s_client -servername $domain -connect $domain:$port 2>/dev/null | openssl x509 -noout -dates)

# Extract dates
start_date=$(echo "$cert_info" | grep -i "notBefore" | awk -F '=' '{print $2}')
end_date=$(echo "$cert_info" | grep -i "notAfter" | awk -F '=' '{print $2}')

# Convert to timestamps
start_timestamp=$(date -d "$start_date" +%s)
end_timestamp=$(date -d "$end_date" +%s)
current_timestamp=$(date +%s)

# Calculate remaining days
remaining_days=$(( ($end_timestamp - $current_timestamp) / 86400 ))

# Output
echo "Domain: $domain"
echo "Start date: $start_date"
echo "End date: $end_date"
echo "Remaining days: $remaining_days"</code>