Automatic certificate expiration checkIf you authenticate certain services on your Linux server like your WLAN or webserver towards users for their security you will likely have multiple certificates. These usually have a certain period during which they are valid. This means you have to renew them from time to time.
If you don't track the certificates' expiration times you likely only notice an outdated certificate if a horde of users knocks on your door complaining that a certain service is out of order. Good luck fixing this problem with a mob of people in your back throwing torches and pitchforks at you.
One option is to keep a Post-It with all important dates for each single certificate on your screen. Unfortunately if you do this for other jobs too the notes will either cover your screen or each other. The result is the same. You won't be able to do your work properly any more. The more lazy (i.e. better) way is to let a script automatically warn you in advance before expiration.
The good news is that you don't have to write the script on your own. I already prepared one which you can use under a CC BY license.
It can be executed as cron job or used as Nagios check out of the box. A Zabbix check will need some minor adjustments. I recommend just echoing the remaining days. In that case you can completely drop the existing output part and criticality check including the days input parameters. This is all done in Zabbix
The script calculates the remaining days until a certificate expires. Note that I ignore leap years and that months have a diffent amount of days. This is sufficiently accurate for me. As follows I don't see the point in wasting my time in programming a more detailed solution.
You can give the script the path to any certificate (for which you have read permission). Furthermore it will throw a critical or warning message depending on an adjustable amount of days left. A separate message will be given if the certificate already expired.