利用curl对域名https证书做过期检查

Jan 31, 2024

—

from

命令：curl -vvl https://www.moneyslow.com ，结果如下：

curl -vvl https://www.moneyslow.com
*   Trying 43.129.234.94...
* TCP_NODELAY set
* Connected to www.moneyslow.com (43.129.234.94) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=moneyslow.com
*  start date: Dec 19 00:00:00 2023 GMT
*  expire date: Dec 18 23:59:59 2024 GMT
*  subjectAltName: host "www.moneyslow.com" matched cert's "www.moneyslow.com"

主要看日期，另外最后一行是否是“matched”。

或者：

curl --insecure -v https://www.moneyslow.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'

结果：

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=moneyslow.com
*  start date: Nov 13 13:49:10 2025 GMT
*  expire date: Feb 11 13:49:09 2026 GMT
*  issuer: C=US; O=Let's Encrypt; CN=E8
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to www.moneyslow.com (47.106.91.149) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://www.moneyslow.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: www.moneyslow.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection #0 to host www.moneyslow.com left intact

https