
Build Status Gem Version

A tool to check X509 cert status


$ gem install cert_checker

Command Line Usage

$ cert_checker
cert_checker [-d domain_or_ip] [-f hosts_file]
    -d host                          host name, example google.com. more host: -h h1.com -h h2.com
    -f file                          hosts file, split hosts by new line, and ignore line whice start by # and empt line


$ cert_checker -d taobao.com -d xjz.pw -d slack.com -d asdf.com
ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days (http/1.1)
ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days (http/1.1)
ok             slack.com                           DigiCert Inc         2021-02-12 714 days (h2)
ok             asdf.com                            Let's Encrypt        2019-04-08 38 days (No ALPN)

$ cat >> myhosts <<EOF
# A

# B

$ cert_checker -f myhosts
ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days (http/1.1)
ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days (http/1.1)
ok             jd.com                              GlobalSign nv-sa     2019-09-28 298 days (http/1.1)

Code Usage

require 'cert_checker'

status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com')

# Other port and timeout
port = 443 # default
status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com', port, timeout: 5)

Add your root cert


# It will trust certs which signed by this root ca
status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('mydomain.com', port, timeout: 3)

Multiple cert store instance

class MyChecker
  include CertChecker

status, host, issuer, expired, desc, alpn_protocol = MyChecker.check('mydomain.com', port, timeout: 3)

All Status

  • failed: Failed to get the cert
  • unverifiable: Invalid cert chain or cannot verify it.
  • expired: The cert is expired
  • urgent: The cert expires in 15 days.
  • warning: The cert expires in 30 days.
  • ok: Not found problem


Bug reports and pull requests are welcome on GitHub at https://github.com/xiejiangzhi/cert_checker.


The gem is available as open source under the terms of the MIT License.