I am often asked "how do you make sure your SSL certificates are valid?" My simple answer: I have built an icinga2 check for it :-)

it is a simple Bashscript that gets triggerd once a day.

 #!/bin/bash
 #Created by ♞ Raffael Willems@im-c.de

 echo "Raffis SSL Cert Checker running..."
 if printf 'quit\n' | openssl s_client -connect $2 -port $4   2>/dev/null | openssl x509 -checkend 604800 -noout
 then
   echo "Certificate is good for the next 7 Days!"
   exit 0
 else
   WANN=$(printf 'quit\n' | openssl s_client -connect $2 -port $4  2>/dev/null | openssl x509 -enddate -noout)
   echo $WANN
   exit 1
 fi
 # d=$(LC_ALL=en_US.utf8 date +%b\ %_d)

feel free to use it. it gets a lot of problems out of my way!