At an old job, every now and then we'd have a fire drill because, despite it being a large, capable organization, no one seems to track when an SSL cert expires. So, I created this little script to help. I'd run it on the first of every month and share on the main Slack dev channel:

<?php

ini_set('display_errors', 'On');
ini_set('display_startup_errors', 'On');
error_reporting(E_ALL);
$sortable = [];

$sites = [
    "hansanderson.com",
    "ha17.com",
    "huckfacedg.com",
    "dist1nc7iv3.com",
];

echo sprintf('%-40s %-30s %s', 'SITE', 'FROM', 'EXPIRES') . PHP_EOL;

foreach ($sites as $site) {
    $openSslCmd1 = "echo \"Q\" | (openssl s_client -connect {$site}:443 -servername {$site} 2> /dev/null | openssl x509 -noout -dates 2> /dev/null)";

    $result = shell_exec($openSslCmd1);

    if (!$result) {
        $before = 'N/A';
        $after  = 'N/A';
    } else {
        $matches = [];
        preg_match_all('#not(Before|After)=(.*)#', $result, $matches);

        for ($i = 0; $i < sizeof($matches[1]); $i++) {
            $varName = strtolower(trim($matches[1][$i]));
            $varValue = $matches[2][$i];
            $$varName = $varValue;
        }
    }

    $creds = sprintf('%-40s %-30s %s', $site, $before, $after);
    echo $creds . PHP_EOL;
    $sortable[$creds] = strtotime($after);
}

asort($sortable);

echo PHP_EOL . PHP_EOL;

echo sprintf('%-40s %-30s %s', 'SITE', 'FROM', 'EXPIRES') . PHP_EOL;
foreach ($sortable as $creds => $toss) {
    echo $creds . PHP_EOL;
}