Connects to one or more domains via TLS, retrieves the certificate, and reports the expiration date. Colour-coded output: green (>30 days), yellow (7-30 days), red (<7 days or expired). Supports SNI, custom ports, and can run an alert command when certs are approaching expiry. Perfect for cron-driven certificate monitoring. JSON output mode for machine parsing.
SecurityTLSMonitoringCLI
Features
- Multi-domain scanning from args or config file
- Colour-coded expiry: green (>30d), yellow (7-30d), red (<7d)
- SNI support and custom ports
- Alert command execution on expiring certs
- JSON output for machine consumption
Flags
| Long | Short | Description |
|---|---|---|
| --version | -V | Show version and license |
| --config | -c | Path to JSON config with domains list |
| --days | -d | Warning threshold in days (default 30) |
| --alert | -a | Command to run on expiry |
| --json | -j | Output as JSON |
| --port | -p | Custom port (default 443) |
Usage
terminal
$ certwatch example.com google.com
$
$ certwatch --config domains.json --days 14 --alert 'notify.sh {domain} {days}'
Dependencies
stdlib only — ssl, socket, datetime
Install
$ curl -LO https://labs.stech-sol.com/downloads/certwatch/0.3.1/certwatch_0.3.1.tar.gz
$ tar xzf certwatch_0.3.1.tar.gz
$ chmod +x certwatch/certwatch.py
$ sudo ln -s $PWD/certwatch/certwatch.py /usr/local/bin/certwatch
About
Downloads
Verify integrity
SHA256 checksums