I recently installed Let’s Encrypt mechanism on some of my sites.
Currently, the upgrade is not automatic (beta version + I personally need to be convinced 🙂 )

So, I need to monitor the validity dates of the certificates.
Here is a one-liner that do the job:

 echo | openssl s_client -connect <site>:<port>  2>/dev/null | openssl x509 -noout -enddate

Note that I added the initial “echo”, as the openssl is waiting for an input…

Output example:

$ echo | openssl s_client -connect raistlin.alphamaths.fr:443 2>/dev/null | openssl x509 -noout -enddate
 notAfter=Mar 5 16:30:49 2017 GMT

You can imagine any kind of monitoring / notification on top of that !