SecurityJanuary 31, 2026 7 min read

How to Get SSL Certificate Expiry Email Reminders

Never let an SSL certificate expire unexpectedly. Set up automatic email reminders for SSL expiration to prevent website security warnings and downtime.

WizStatus Team
Author

An expired SSL certificate breaks your website for visitors, damages trust, and hurts SEO. Here's how to set up automatic reminders so you never miss a renewal deadline.

Why SSL Monitoring Matters

What Happens When SSL Expires

  • Browser warnings - "Your connection is not private"
  • Lost traffic - Visitors leave immediately
  • SEO impact - Google penalizes insecure sites
  • API failures - HTTPS connections rejected
  • Payment processing - PCI compliance issues

Common Expiration Causes

  • Forgot to renew manually
  • Auto-renewal failed silently
  • Email went to spam
  • Contact email changed
  • Certificate authority issues

Method 1: Use a Monitoring Service

Set Up Automated Monitoring

The most reliable approach is dedicated SSL monitoring:

  1. Add your domains to a monitoring service
  2. Configure alert thresholds (30, 14, 7, 1 days)
  3. Add multiple email recipients
  4. Enable backup notification channels

Alert Schedule Example

Days Before ExpiryAlert Type
60 daysInformational email
30 daysReminder email
14 daysWarning email
7 daysUrgent email
3 daysCritical + SMS
1 dayEmergency + Phone

Method 2: DIY with Scripts

Bash Script for Checking

#!/bin/bash
# check-ssl-expiry.sh

DOMAIN=$1
DAYS_WARNING=30

EXPIRY=$(echo | openssl s_client -servername $DOMAIN -connect $DOMAIN:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)

EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))

if [ $DAYS_LEFT -lt $DAYS_WARNING ]; then
  echo "WARNING: $DOMAIN SSL expires in $DAYS_LEFT days"
  # Send email alert
  echo "SSL certificate for $DOMAIN expires in $DAYS_LEFT days" | \
    mail -s "SSL Expiry Warning: $DOMAIN" admin@example.com
fi

Cron Job Setup

# Check SSL daily at 9 AM
0 9 * * * /path/to/check-ssl-expiry.sh example.com
0 9 * * * /path/to/check-ssl-expiry.sh api.example.com
0 9 * * * /path/to/check-ssl-expiry.sh app.example.com

Python Script Alternative

import ssl
import socket
from datetime import datetime
import smtplib
from email.mime.text import MIMEText

def check_ssl_expiry(domain, warning_days=30):
    context = ssl.create_default_context()

    with socket.create_connection((domain, 443)) as sock:
        with context.wrap_socket(sock, server_hostname=domain) as ssock:
            cert = ssock.getpeercert()

    expiry = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z')
    days_left = (expiry - datetime.now()).days

    if days_left < warning_days:
        send_alert(domain, days_left)

    return days_left

def send_alert(domain, days):
    msg = MIMEText(f"SSL certificate for {domain} expires in {days} days")
    msg['Subject'] = f"SSL Expiry Warning: {domain}"
    msg['From'] = 'monitor@example.com'
    msg['To'] = 'admin@example.com'

    with smtplib.SMTP('localhost') as server:
        server.send_message(msg)

# Check multiple domains
domains = ['example.com', 'api.example.com', 'app.example.com']
for domain in domains:
    days = check_ssl_expiry(domain)
    print(f"{domain}: {days} days remaining")

Method 3: Calendar Reminders

Manual Calendar Setup

  1. Find your certificate expiry date
  2. Create calendar events:
    • 60 days before: "Review SSL renewal"
    • 30 days before: "Renew SSL certificate"
    • 7 days before: "URGENT: SSL expires soon"
  3. Invite team members
  4. Repeat for each domain

Getting the Expiry Date

# Check expiry date
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -enddate

# Output: notAfter=Mar 15 12:00:00 2026 GMT

Method 4: Let's Encrypt Automation

Certbot Auto-Renewal

Let's Encrypt certificates auto-renew, but you should still monitor:

# Check certbot renewal status
sudo certbot certificates

# Test renewal
sudo certbot renew --dry-run

# Cron job for renewal (usually set up automatically)
0 0 * * * certbot renew --quiet

Monitor Auto-Renewal

Even with auto-renewal, set up monitoring because:

  • Renewal can fail silently
  • DNS changes can break validation
  • Server configuration issues
  • Rate limits can block renewal

Best Practices

Multiple Alert Channels

Don't rely on email alone:

  • Email to multiple recipients
  • Slack/Teams notifications
  • SMS for critical alerts
  • Dashboard visibility

Document Your Certificates

Keep a registry of all certificates:

DomainIssuerExpiryAuto-RenewOwner
example.comLet's Encrypt2026-03-15YesDevOps
api.example.comDigiCert2026-06-01NoSecurity

SSL Monitoring Checklist

  • All domains identified
  • Monitoring service configured
  • Multiple alert thresholds set
  • Team members notified
  • Backup alerts configured
  • Auto-renewal verified
  • Calendar reminders added
  • Certificate registry created
  • Renewal process documented
  • Test alert received
WizStatus monitors your SSL certificates 24/7. Get email, Slack, and SMS alerts at 30, 14, 7, and 1 day before expiry. Never miss a renewal again.

Related Articles

Certificate Transparency Logs: Detect Unauthorized Certificates
Security

Certificate Transparency Logs: Detect Unauthorized Certificates

Learn how Certificate Transparency logs help detect unauthorized SSL certificates. Understand CT monitoring and protect your domains from certificate fraud.
8 min read
HSTS Implementation Guide: Force HTTPS the Right Way
Tutorials

HSTS Implementation Guide: Force HTTPS the Right Way

Learn to implement HTTP Strict Transport Security (HSTS) correctly. Complete guide to HSTS configuration, preloading, and avoiding common mistakes.
10 min read
Let's Encrypt Monitoring: Automate Renewal and Avoid Outages
Tutorials

Let's Encrypt Monitoring: Automate Renewal and Avoid Outages

Master Let's Encrypt certificate monitoring and automation. Learn to configure auto-renewal, monitor expiration, and prevent certificate outages.
12 min read

Start monitoring your infrastructure today

Put these insights into practice with WizStatus monitoring.

Try WizStatus Free