Good Morning!
I have the following doubt:
Which command should I run to check the expiration date of my certificates on my server?
Operating System: Ubuntu
Thank you!
You can use the openssl tools for that:
$ openssl x509 -dates -noout < /path/to/certificate
2 Likes
But I have many certificates on server, each one in one folder, with the following files in folders:
- cert.pem;
- chain.pem;
- fullchain.pem;
- privkey.pem
Which of the files should I specify on the command?
cert.pem, because this is the leaf certificate.
1 Like
I tried to run the following command:
sudo openssl x509 -dates -noout < /etc/letsencrypt/live/admin.mypharma.net.br/cert.pem
But it showed me this:
-bash: /etc/letsencrypt/live/admin.mypharma.net.br/cert.pem: Permission denied
Please show output of command:
$ ls -l /etc/letsencrypt/live/admin.mypharma.net.br/cert.pem
But I used sudo to run the command.
Ah, the problem is sudo invocation. The redirect of standard input seems to happen before privilege expansion.
Just try:
$ sudo openssl x509 -dates -noout -in /path/to/cert.pem
2 Likes
It worked now.
Thanks 
1 Like
Hi @vinicius.soccol,
Are you using Certbot? If so the command certbot certificates will show output that includes the expiry and is easier to use than openssl:
Found the following certs:
Certificate Name: example.com
Domains: example.com, www.example.com
Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
5 Likes
Ok, I’ll try this command.
Thankyou.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.