sslexpired is a small serverless project written in Go for the OpenWhisk platform to quickly verify if an SSL certificate hosted at https://<your_domain_here> is going to expire any soon.
By default, response will contain an alert:true key if the certificate is expiring in less then 30 days (or if the host is not mentioned between the valid ones):
$ curl https://sslexpired.info/google.com
{
"notAfter": "2017-05-17 08:58:00 +0000 UTC",
"daysTolerance": 30,
"host": "google.com",
"response": "SSL certificate for google.com will expire in 72 days",
"validHosts": ["*.android.com", [...cut...],
"daysLeft": 72
}
The days parameter can be used to tweak the check tolerance, for example this request will alert because the certificate is expiring in 72 days and we ask for at least 100 days of validity:
$ curl https://sslexpired.info/google.com?days=100
{
"notAfter": "2017-05-17 08:58:00 +0000 UTC",
"daysTolerance": 100,
"alert": true,
"host": "google.com",
"response": "SSL certificate for google.com will expire in 72 days",
"validHosts": ["*.android.com", [...cut...],
"daysLeft": 72
}
- checks for expiration timestamp only, doesn't actual verify SSL validity
- only DNS names supported (i.e. no IP addresses)
Fetch the development environment installing OpenWhisk development Vagrant box and set up credentials for wsk tool as suggested
$ ./build.sh create
# ... edit code ...
$ ./build.sh update
$ ./build.sh run <project_name>
or fetch the api URL and use an http client
$ wsk -i api-experimental list /sslexpired
$ curl <https url>/?project=<project_name>
$ ./build.sh delete