SSL/TLS certificates are the backbone of internet security. Every website serving HTTPS traffic depends on a valid certificate, and when that certificate expires, your users see scary browser warnings β or worse, your site becomes completely unreachable. For sysadmins managing dozens or hundreds of domains, manually tracking certificate expiry dates is unsustainable.
In this guide, we'll build a complete SSL certificate monitoring workflow using dargslan-ssl-checker, a free Python tool that checks certificate expiry, cipher suites, TLS versions, and more β all from the command line or your Python scripts.
Why SSL Certificate Monitoring Matters
Expired certificates cause real damage. According to industry reports, certificate-related outages cost enterprises an average of $300,000 per hour. Even for smaller organizations, an expired certificate means:
- Lost revenue β Users can't access your site or API endpoints
- SEO penalties β Google downgrades sites with certificate errors
- Security risks β Attackers can exploit the transition window
- Brand damage β Users lose trust when they see "Not Secure" warnings
Automated monitoring catches these issues weeks before they become emergencies.
Installing dargslan-ssl-checker
The tool installs in seconds with pip. It has zero external dependencies β everything uses Python's standard library, making it safe for production servers.
pip install dargslan-ssl-checkerOr install the complete toolkit that includes 15 sysadmin tools:
pip install dargslan-toolkitCommand-Line Usage
The dargslan-ssl command gives you instant certificate information:
# Check a single domain
dargslan-ssl google.com
# Check multiple domains at once
dargslan-ssl google.com github.com dargslan.com
# JSON output for scripting
dargslan-ssl google.com github.com --json
# Custom port (useful for non-standard HTTPS)
dargslan-ssl myserver.com -p 8443
# Set timeout for slow connections
dargslan-ssl remote-server.com -t 30Sample Output
============================================================
SSL Certificate Report: google.com
============================================================
Status: [OK] OK
Common Name: *.google.com
Issuer: Google Trust Services
Valid From: 2026-03-15T08:00:00
Valid Until: 2026-06-07T07:59:59
Days Left: 56
Protocol: TLSv1.3
Cipher: TLS_AES_256_GCM_SHA384 (256 bits)
Serial: 1A2B3C4D5E6F
SANs: *.google.com, google.com
============================================================Python API for Automation
The real power comes from integrating certificate checks into your existing monitoring scripts:
from dargslan_ssl_checker import SSLChecker
checker = SSLChecker(timeout=10)
# Basic certificate info
info = checker.get_cert_info("dargslan.com")
print(f"Days until expiry: {info['days_until_expiry']}")
print(f"Issuer: {info['issuer']}")
print(f"Protocol: {info['protocol']}")
print(f"Status: {info['status']}")
# Check if certificate is valid
if info['expired']:
print("CRITICAL: Certificate has expired!")
elif info['expiring_soon']:
print(f"WARNING: Certificate expires in {info['days_until_expiry']} days")Batch Domain Monitoring
# Monitor all your domains at once
domains = [
"dargslan.com",
"api.dargslan.com",
"blog.dargslan.com",
"shop.dargslan.com",
]
results = checker.check_multiple(domains)
for r in results:
if r.get('status') == 'OK':
print(f" [OK] {r['hostname']}: {r['days_until_expiry']} days left")
else:
print(f" [!!] {r['hostname']}: {r['status']} - {r.get('error', '')}")Find Expiring Certificates
# Alert on certificates expiring within 30 days
expiring = checker.check_expiring(domains, days_threshold=30)
for cert in expiring:
print(f"WARNING: {cert['hostname']} expires in {cert['days_until_expiry']} days")Automating with Cron
Set up a daily certificate check that sends alerts:
#!/usr/bin/env python3
# /opt/scripts/ssl-monitor.py
import smtplib
from email.message import EmailMessage
from dargslan_ssl_checker import SSLChecker
DOMAINS = ["example.com", "api.example.com"]
ALERT_DAYS = 30
ADMIN_EMAIL = "admin@example.com"
checker = SSLChecker()
expiring = checker.check_expiring(DOMAINS, days_threshold=ALERT_DAYS)
if expiring:
body = "SSL Certificate Expiry Warning:\n\n"
for cert in expiring:
body += f" {cert['hostname']}: {cert['days_until_expiry']} days left\n"
body += "\nCheck certificates: pip install dargslan-ssl-checker"
# Send alert email (configure SMTP)
print(body)Add to crontab for daily monitoring:
# Check SSL certificates daily at 9 AM
0 9 * * * /usr/bin/python3 /opt/scripts/ssl-monitor.py >> /var/log/ssl-monitor.log 2>&1Understanding TLS Versions and Cipher Suites
The SSL checker reports the TLS protocol version and cipher suite used. Here's what to look for:
TLS Protocol Versions
- TLS 1.3 β Current best. Faster handshake, stronger security
- TLS 1.2 β Still acceptable, widely supported
- TLS 1.1 or lower β Deprecated, security risk
Cipher Suite Assessment
- AES-256-GCM β Excellent, recommended
- AES-128-GCM β Good, fast performance
- ChaCha20-Poly1305 β Excellent for mobile devices
- RC4, DES, 3DES β Weak, should be disabled
OpenSSL Manual Commands Reference
Sometimes you need to use OpenSSL directly for deeper investigation:
# View certificate dates
echo | openssl s_client -connect example.com:443 2>/dev/null | \
openssl x509 -noout -dates
# Full certificate details
echo | openssl s_client -connect example.com:443 2>/dev/null | \
openssl x509 -noout -text
# Check specific TLS version support
openssl s_client -connect example.com:443 -tls1_3
# View certificate chain
openssl s_client -connect example.com:443 -showcerts
# Check certificate against CA bundle
openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt cert.pemIntegration with Monitoring Stacks
Integrate SSL checking with Prometheus, Grafana, or other monitoring tools by exporting JSON data:
import json
from dargslan_ssl_checker import SSLChecker
checker = SSLChecker()
results = checker.check_multiple(["dargslan.com", "google.com"])
# Export as JSON for Prometheus pushgateway or custom exporters
metrics = []
for r in results:
if 'days_until_expiry' in r:
metrics.append({
'metric': 'ssl_days_until_expiry',
'labels': {'domain': r['hostname']},
'value': r['days_until_expiry']
})
print(json.dumps(metrics, indent=2))π Master Server Security
Our security eBooks cover SSL/TLS configuration, certificate management, Let's Encrypt automation, and complete HTTPS deployment guides for production servers.
Browse Security Books βSSL certificate monitoring is essential for any organization running web services. With dargslan-ssl-checker, you get a lightweight, dependency-free tool that works from the command line, Python scripts, or cron jobs. Install it today and never be surprised by an expired certificate again.
Install now: pip install dargslan-ssl-checker β or get all 15 tools with pip install dargslan-toolkit
Download our free SSL Certificate Checker Cheat Sheet for a quick reference card you can keep on your desk.
