Script to check when your SSL certificates expire

checkcerts.py

#!/usr/bin/env python3
import OpenSSL
from datetime import datetime, timedelta
from glob import glob

now  = datetime.now()
month = timedelta(30)
soon = now + month

files = []
CNs = []
days = []
issuers = []

for certname in glob('*.pem') + glob("*.crt"):
    try:
        with open(certname) as cert:
            x = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert.read())
    except Exception as e:
        continue
    notAfter = x.get_notAfter()
    expire = datetime.strptime(notAfter.decode(), "%Y%m%d%H%M%SZ")
    renew = False
    if expire < soon:
        renew = True

    CN = "N/A"
    s = x.get_subject()
    for c in s.get_components():
        if c[0] == b'CN':
            CN = c[1].decode()

    issuer = "N/A"
    i = x.get_issuer()
    for c in i.get_components():
        if c[0] == b'CN':
            issuer = c[1].decode()

    files.append(certname)
    CNs.append(CN)
    days.append((expire - now).days)
    issuers.append(issuer)

filelen = len(max(files, key = lambda x:len(x)))
CNlen = len(max(CNs, key = lambda x:len(x)))
daylen = len(str(max(days, key = lambda x:len(str(x)))))
isslen = len(max(issuers, key = lambda x:len(x)))
zipped = sorted(zip(files, CNs, days, issuers), key=lambda z:z[2], reverse = True)
for f, c, d, i in zipped:
    print("{} for {} by {} expires in {} days"
          .format("{0:<" + str(filelen + 1) + "}",
                  "{1:<" + str(CNlen + 1) +"}",
                  "{2:<" + str(isslen + 1) +"}",
                  "{3:<" + str(daylen) + "}")
          .format(f, c, i, d))