获取证书到期时间

方法二

pip install python-dateutil pytz requests

#!/usr/bin/env python3  
  
import ssl, socket  
import requests  
from dateutil import parser  
import pytz  
from datetime import datetime, timezone

requests.packages.urllib3.disable_warnings()  
  
try:  
    _create_unverified_https_context = ssl._create_unverified_context  
except AttributeError:  
    # Legacy Python that doesn't verify HTTPS certificates by default  
    pass  
else:  
    # Handle target environment that doesn't support HTTPS verification  
    ssl._create_default_https_context = _create_unverified_https_context  
  
  
def get_domain_content(domain):  
    requests.packages.urllib3.disable_warnings()  
    url = 'https://' + domain  
    response = requests.get(url, verify=False).headers  
    print(response)  
  

def get_my_domain(mydomain):  
    try:  
        socket.setdefaulttimeout(5)  
        my_addr = socket.getaddrinfo(mydomain, None)  
        c = ssl.create_default_context()  
        s = c.wrap_socket(socket.socket(), server_hostname=mydomain)  
        s.connect((mydomain, 443))  
        my_cert = s.getpeercert()  
        get_my_cert_dated(mydomain, my_cert, my_addr)  
    except ssl.CertificateError and socket.gaierror as e:  
        pass  
  
  
def get_my_cert_dated(domain, certs, my_addr):  
    cert_beginning_time = parser.parse(certs['notBefore']).astimezone(pytz.utc)  
    cert_end_time = parser.parse(certs['notAfter']).astimezone(pytz.utc)  
  
    print('域名:(%s)  证书失效时间: %s' % (domain,  cert_end_time))  
    print('域名:(%s)  证书剩余天数: %s' % (domain,  (cert_end_time - datetime.now(timezone.utc)).days))  
  
  
def read_domain_files():  
    with open('./domain.txt', 'r',  
              encoding="utf-8") as file:  
        for domain in file:  
            try:  
                get_my_domain(domain.strip())  
            except Exception as e:  
                print('域名: (%s)-%s' %(domain.strip(), e))  
  
  
if __name__ == "__main__":  
    read_domain_files()  

准备domain.txt一个域名一行，可从DNS导出记录

cat > domain.txt << EOF  
linuxeye.com  
www.linuxeye.com  
oneinstack.com  
www.linuxeye.com  
EOF  

执行：

python3 domain-ssl-check.py  sEOF  

方法三

1、通过证书获取

openssl x509 -in <cert>.pem -noout -dates

2、通过域名获取

echo | openssl s_client -servername <doman> -connect <doman>:443 2>/dev/null | openssl x509 -noout -dates

3、通过脚本获取

# coding: utf-8 
# 查询域名证书到期情况

import re
import subprocess
from datetime import datetime


def get_re_match_result(pattern, string):
    match = re.search(pattern, string)
    return match.group(1)


def parse_time(date_str):
    return datetime.strptime(date_str, "%b %d %H:%M:%S %Y GMT")


def format_time(date_time):
    return datetime.strftime(date_time, "%Y-%m-%d %H:%M:%S")


def get_cert_info(domain):
    """获取证书信息"""
    cmd = f"curl -Ivs https://{domain} --connect-timeout 10"

    exitcode, output = subprocess.getstatusoutput(cmd)

    # 正则匹配
    start_date = get_re_match_result('start date: (.*)', output)
    expire_date = get_re_match_result('expire date: (.*)', output)

    # 解析匹配结果
    start_date = parse_time(start_date)
    expire_date = parse_time(expire_date)

    return {
        'start_date': start_date,
        'expire_date': expire_date
    }


def get_cert_expire_date(domain):
    """获取证书剩余时间"""
    info = get_cert_info(domain)
    print(info)

    expire_date = info['expire_date']

    # 剩余天数
    return (expire_date - datetime.now()).days


if __name__ == "__main__":
    domain = 'www.baidu.com'
    expire_date = get_cert_expire_date(domain)
    print(expire_date)