CloudStick is a server control panel for developers and agencies that lets you manage cloud servers on AWS, DigitalOcean, Vultr, Linode, and Hetzner without using the command line. Plans start at $9/month — the Basic plan covers 1 server with unlimited websites; Pro at $19/month and Business at $49/month cover unlimited servers.

Will features I pay for ever get moved to a higher plan?

No. CloudStick is committed to keeping all features you currently pay for within your existing plan. New features may be added to higher tiers, but existing plan features will never be removed or require a forced upgrade.

What happens to my servers if I cancel CloudStick?

Your servers remain fully operational after cancellation. CloudStick does not host your servers — it manages them. If you cancel, you lose access to the CloudStick dashboard, but your servers continue running on your cloud provider.

Is there a free trial for CloudStick?

Yes. CloudStick offers a 7-day free trial on all paid plans with no credit card required. You can explore every feature and upgrade, downgrade, or cancel at any time during or after the trial.

SSL & SECURITY

Jun 24, 2026

How to Check When Your SSL Certificate Expires

7 min read

CloudStick Team

WordPress Engineer

Share this article

How to Check When Your SSL Certificate Expires

Check expiry before it hits

Why SSL Expiry Still Catches People Off Guard

Even with auto-renewal in place, certificates expire unexpectedly. A DNS change can block the ACME validation challenge. A Certbot installation can become stale after an OS upgrade. A server migration can leave auto-renewal configured on the old server but not the new one. When the certificate expires, every visitor sees a browser security warning and the site effectively goes offline for anyone who doesn't click through warnings. Checking expiry proactively — and setting up monitoring — lets you catch these edge cases before they become outages.

Check the Expiry Date from Your Browser

In Chrome: click the padlock (or the tune icon) in the address bar → “Connection is secure” → “Certificate is valid”. The certificate detail panel shows the “Valid from” and “Valid to” dates. In Firefox: click the padlock → “Connection secure” → “More information” → “Security” tab → “View Certificate”. This method is convenient for a quick check but doesn't scale if you manage many domains.

Check Expiry from the Command Line

The openssl command is the most reliable way to check a live certificate's expiry from the server or from your workstation:

# Check expiry date for a live domain
openssl s_client -connect yourdomain.com:443 -servername yourdomain.com < /dev/null 2>/dev/null \
  | openssl x509 -noout -enddate
# Output example:
# notAfter=Aug  8 23:59:59 2026 GMT
# Check a certificate file directly (not via network)
openssl x509 -enddate -noout -in /etc/letsencrypt/live/yourdomain.com/cert.pem
# How many days until expiry (outputs a number)
EXPIRY=$(openssl s_client -connect yourdomain.com:443 -servername yourdomain.com < /dev/null 2>/dev/null \
  | openssl x509 -noout -enddate | cut -d= -f2)
DAYS=$(( ( $(date -d "$EXPIRY" +%s) - $(date +%s) ) / 86400 ))
echo "Certificate expires in $DAYS days"

Check All Certbot Certificates at Once

If you manage multiple domains via Certbot on the same server, the certbot certificates command lists every managed certificate with its expiry date and renewal status:

sudo certbot certificates
# Sample output:
- - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: yourdomain.com
    Domains: yourdomain.com www.yourdomain.com
    Expiry Date: 2026-08-08 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/yourdomain.com/cert.pem
    Private Key Path: /etc/letsencrypt/live/yourdomain.com/privkey.pem

Set Up Automated Expiry Alerts

Manual checks don't scale. A simple bash script run via cron can email you when any certificate on the server is within 21 days of expiry:

#!/bin/bash
# /usr/local/bin/check-ssl-expiry.sh
WARN_DAYS=21
ALERT_EMAIL="you@yourdomain.com"
for CERT_DIR in /etc/letsencrypt/live/*/; do
  DOMAIN=$(basename "$CERT_DIR")
  EXPIRY=$(openssl x509 -enddate -noout -in "$CERT_DIR/cert.pem" | cut -d= -f2)
  DAYS=$(( ( $(date -d "$EXPIRY" +%s) - $(date +%s) ) / 86400 ))
  if [ "$DAYS" -lt "$WARN_DAYS" ]; then
    echo "$DOMAIN expires in $DAYS days" | mail -s "SSL Warning: $DOMAIN" "$ALERT_EMAIL"
  fi
done
# Add to crontab (run daily at 8am):
# 0 8 * * * /usr/local/bin/check-ssl-expiry.sh

CloudStick Handles Renewal Automatically

When SSL is managed through CloudStick, certificate expiry is monitored and renewal is triggered automatically — no cron jobs or scripts required. CloudStick attempts renewal when a certificate is within 30 days of expiry, retries on failure, and sends a dashboard notification if a renewal fails so you can investigate. The SSL status for each domain is visible in the SSL section of the website panel, showing the current expiry date and last renewal timestamp at a glance.