Website SSL Expiry script with automatic e-mail

Want to check the expiry date of your SSL certification? Create a .txt file with all your domainnames and create a .ps1 script containing the code below. Script without e-mail function, will just check and show a message in the console:

$minimumCertAgeDays = 14
$timeoutMilliseconds = 10000
$urls = get-content "C:\Users\%username%\Desktop\SSL\check-urls.txt"
#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

foreach ($url in $urls)
{
   # Write-Host Checking $url -f Green
    $req = [Net.HttpWebRequest]::Create($url)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $false
    try {$req.GetResponse() |Out-Null} catch {Write-Host Exception while checking URL $url`: $_ -f Blue}
    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    [datetime]$expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    [int]$certExpiresIn = ($expiration - $(get-date)).Days

    if ($certExpiresIn -gt $minimumCertAgeDays)
    {
        Write-Host $url expires in $certExpiresIn days / Expires on $expiration -f Green
    } else {
        Write-Host Warning: Cert for site $url expires in $certExpiresIn days [on $expiration] -f Red
    }
}
 Start-Sleep -s 45

Script including e-mail function, don't forgot to change to your own server/credentials. Keep in mind the password is saved in plaintext

$minimumCertAgeDays = 14
$timeoutMilliseconds = 10000
$urls = get-content "C:\Users\Gebruiker\Desktop\CheckSSLCert\check-urls.txt"
$From = "[email protected]"
$To = "[email protected]"
$SMTPServer = "server.domain.com"
$SMTPPort = "587"
$secpasswd = ConvertTo-SecureString "StrongPassword!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("[email protected]", $secpasswd)
$Subject = "SSL Cert expiry"

#disabling the cert validation check. This is what makes this whole thing work with invalid certs...
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

foreach ($url in $urls)
{
   # Write-Host Checking $url -f Green
    $req = [Net.HttpWebRequest]::Create($url)
    $req.Timeout = $timeoutMilliseconds
    $req.AllowAutoRedirect = $false
    try {$req.GetResponse() |Out-Null} catch {Write-Host Exception while checking URL $url`: $_ -f Blue}
    $certExpiresOnString = $req.ServicePoint.Certificate.GetExpirationDateString()
    [datetime]$expiration = [System.DateTime]::Parse($req.ServicePoint.Certificate.GetExpirationDateString())
    [int]$certExpiresIn = ($expiration - $(get-date)).Days

    if ($certExpiresIn -gt $minimumCertAgeDays)
    {
        Write-Host $url expires in $certExpiresIn days / Expires on $expiration -f Green
    } else {
           Write-Host Warning: Cert for site $url expires in $certExpiresIn days [on $expiration] -f Red
        $Body += "Waarschuwing: Cert for site $url expires in $certExpiresIn days [on $expiration]<br>"
        Send-MailMessage -From $From -to $To -Subject $Subject -Body $Body -BodyAsHtml -SmtpServer $SMTPServer -Port $SMTPPort -UseSsl -Credential $cred 
    }
}
 Start-Sleep -s 15

Last updated 2 years ago

Was this helpful?