If you want to check SSL Certificate expires from the Linux command line, you can do that like this:

echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -datesCode language: Bash (bash)

(Of course replace the www.kaper.com by the host you want to check).

Here’s a full example run:

$ echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -dates
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.kaper.com
verify return:1
DONE
notBefore=Nov 30 23:17:48 2021 GMT
notAfter=Feb 28 23:17:47 2022 GMT
Code language: Bash (bash)

If you want to see some more details (for example to get a copy of the public certificates), use:

echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443Code language: Bash (bash)

Don’t have openssl client? And you do not want to install it locally? You can also run it in docker:

# start an ubuntu image
docker run -ti --rm ubuntu

# inside the image, run:

apt-get update
apt-get install -y openssl
echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443
exitCode language: Bash (bash)

Note: you can use the openssl check also for other transports than https. Just use 636 for ldaps for example.

---

Addition, June 15, 2023:

From the tip of Stephen, you can also do it like this, just using curl and grep (example for google.com):

$ curl --insecure -vvI https://google.com 2>&1 | grep -e "start date:" -e "expire date:"

*  start date: Jun 19 08:16:09 2023 GMT
*  expire date: Sep 11 08:16:08 2023 GMTCode language: JavaScript (javascript)

Thanks Stephen!