Some time-saving automation shared by madv_willneed… Problem: "Man, it's annoying to remember to check the cert expiry dates on all these different servers and make sure the renewal actually worked."
1-line bash solution:
cat <<< $(( ($(date -d "$(echo -n | openssl s_client -servername "$domain" -connect "$domain:443" 2>&1 | openssl x509 -enddate -noout | grep '^notAfter' | cut -d'=' -f2)" "+%s") - $(date "+%s")) / 86400 ))
"Never a problem again, just set up a super simple job to run this against the domains I care about every few minutes or so, and I know if anything is getting close to expiring. Costs basically nothing to do it… I don't really have any reason not to do it every few minutes, even if I could get away with once a day or something."