Hi, is there any chance that the expiration emails include some more information about the certificate which is about to expire?
like serial no. and valid from/to?!
this would make it much more easier to check whether the certificate was exchanged already?!
there are plenty of information available, why not use them?
$ echo "check time: $(date)"; cc letsencrypt.org
check time: Mon 5 Aug 15:26:16 CEST 2024
FQDN: letsencrypt.org PORT: 443 IP: letsencrypt.org (DNS IP: 35.156.224.161 18.192.94.96 2a05:d014:275:cb02::c8 2a05:d014:275:cb01::c8 )
md5 Fingerprint = 65:39:C5:B4:21:A4:20:6B:7A:52:83:B5:8F:FE:AC:2F
sha1 Fingerprint = 66:AC:9D:73:12:EF:63:6B:50:3A:55:A4:43:19:72:13:DF:97:32:B9
sha256 Fingerprint = 45:F6:1D:89:B6:13:31:66:18:82:DA:04:A6:BF:BD:E1:4E:FF:1D:E6:2D:2D:33:9F:7A:20:4B:0B:2B:DA:25:A3
Serial Number: 03:48:21:0e:84:af:e4:3a:53:dc:f7:77:96:ac:23:6d:50:c3
Issuer: C = US
O = Let's Encrypt
CN = E6
Not Before: Jun 10 17:12:26 2024 GMT
Not After : Sep 8 17:12:25 2024 GMT
Subject: CN = lencr.org
DNS:lencr.org
DNS:letsencrypt.com
DNS:letsencrypt.org
DNS:www.lencr.org
DNS:www.letsencrypt.com
DNS:www.letsencrypt.org
verify depth is 42
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E6
verify return:1
depth=0 CN = lencr.org
verify return:1
DONE
Verify return code: 0 (ok)
Verify return code: 0 (ok)
$
Issuer is a bit useless here but this is just an example of what I use to the check certificates on the internet.
Many Thanks!