So, you've got a bunch of servers with SSL certs and you're constantly forgetting when to renew? Fret no more! Now there's one more tool you can add to the pages-long list of tools that can solve this problem.

cert_check.sh

#!/bin/bash

servers[0]=server0.example.com
servers[1]=server1.example.com
servers[2]=server2.example.com

TMP_CERT_QUIT=/tmp/check_cert_quit.tmp
TMP_CERT_CHECK=/tmp/check_cert.tmp

if [ -f "$TMP_CERT_CHECK" ]
then
  rm "$TMP_CERT_CHECK"
fi

echo 'quit\n' > "$TMP_CERT_QUIT"

for i in ${servers[@]}
do
  echo Checking server: $i

  openssl s_client -connect "$i:443" < "$TMP_CERT_QUIT" > "$TMP_CERT_CHECK" 2>/dev/null # Maybe this null redirect could be used to find MITM attacks instead?
  EXPIRE_DATE_TMP=`openssl x509 -in "$TMP_CERT_CHECK" -noout -enddate`
  EXPIRE_DATE=`echo "$EXPIRE_DATE_TMP" | sed 's/[^=]*=//'`

  echo "   Expires: $EXPIRE_DATE"
  rm "$TMP_CERT_CHECK"
done

rm "$TMP_CERT_QUIT"