Skip to content
Use-case GET /api/v1/inspect-ssl

Automated SSL Certificate Monitoring

SSL certificates expire. When they do, your site shows a scary browser warning and visitors leave. The fix is simple: check your certs on a schedule and get notified before anything expires. The Apixies SSL Inspector API makes this a few lines of code.

The Approach

  1. Call the API for each domain you want to monitor
  2. Check the days_until_expiry field
  3. If it's below your threshold (say, 14 days), send an alert
  4. Run this on a cron job, daily

That's it. No OpenSSL parsing, no certificate chain debugging, no socket programming.

Bash Script

Here's a complete monitoring script. It checks a domain, compares against a threshold, and exits with code 1 if the cert is expiring soon. That exit code makes it easy to hook into alerting systems.

#!/bin/bash
# check-ssl.sh - Check SSL certificate expiry via Apixies API
# Usage: ./check-ssl.sh github.com [threshold_days]

DOMAIN="${1:?Usage: $0 <domain> [threshold_days]}"
THRESHOLD="${2:-14}"
API_KEY="${APIXIES_API_KEY:-YOUR_API_KEY}"

RESPONSE=$(curl -s -H "X-API-Key: $API_KEY" \
  "https://apixies.io/api/v1/inspect-ssl?domain=$DOMAIN")

VALID=$(echo "$RESPONSE" | jq -r '.data.valid')
DAYS=$(echo "$RESPONSE" | jq -r '.data.days_until_expiry')
ISSUER=$(echo "$RESPONSE" | jq -r '.data.issuer')

if [ "$VALID" != "true" ]; then
  echo "CRITICAL: $DOMAIN has an invalid SSL certificate"
  echo "Issuer: $ISSUER"
  exit 1
fi

if [ "$DAYS" -lt "$THRESHOLD" ]; then
  echo "WARNING: $DOMAIN certificate expires in $DAYS days"
  echo "Issuer: $ISSUER"
  exit 1
fi

echo "OK: $DOMAIN certificate valid for $DAYS more days"
exit 0

Make it executable and test:

chmod +x check-ssl.sh
./check-ssl.sh github.com
# OK: github.com certificate valid for 287 more days

./check-ssl.sh github.com 400
# WARNING: github.com certificate expires in 287 days

Python Version

Same logic, but with proper error handling and support for multiple domains:

import requests
import sys

API_KEY = "YOUR_API_KEY"
THRESHOLD = 14
DOMAINS = ["github.com", "stripe.com", "cloudflare.com"]

def check_ssl(domain):
    response = requests.get(
        "https://apixies.io/api/v1/inspect-ssl",
        headers={"X-API-Key": API_KEY},
        params={"domain": domain},
    )
    data = response.json().get("data", {})
    return data

problems = []

for domain in DOMAINS:
    result = check_ssl(domain)
    days = result.get("days_until_expiry", 0)
    valid = result.get("valid", False)

    if not valid:
        problems.append(f"CRITICAL: {domain} - invalid certificate")
        print(f"CRITICAL: {domain} - certificate is not valid")
    elif days < THRESHOLD:
        problems.append(f"WARNING: {domain} - expires in {days} days")
        print(f"WARNING: {domain} - expires in {days} days")
    else:
        print(f"OK: {domain} - {days} days remaining")

if problems:
    print(f"\n{len(problems)} issue(s) found")
    sys.exit(1)

print("\nAll certificates OK")

Checking Multiple Domains

If you manage a bunch of domains, keep them in a text file and loop through:

# domains.txt - one domain per line
github.com
stripe.com
cloudflare.com

#!/bin/bash
# check-all-ssl.sh
API_KEY="${APIXIES_API_KEY:-YOUR_API_KEY}"
THRESHOLD=14
ISSUES=0

while IFS= read -r domain; do
  [ -z "$domain" ] && continue
  RESPONSE=$(curl -s -H "X-API-Key: $API_KEY" \
    "https://apixies.io/api/v1/inspect-ssl?domain=$domain")

  DAYS=$(echo "$RESPONSE" | jq -r '.data.days_until_expiry')
  VALID=$(echo "$RESPONSE" | jq -r '.data.valid')

  if [ "$VALID" != "true" ] || [ "$DAYS" -lt "$THRESHOLD" ]; then
    echo "ALERT: $domain - valid=$VALID, days=$DAYS"
    ISSUES=$((ISSUES + 1))
  else
    echo "OK: $domain ($DAYS days)"
  fi

  sleep 1  # Be nice to the API
done < domains.txt

echo ""
echo "Checked $(wc -l < domains.txt) domains, $ISSUES issue(s)"
exit $ISSUES

Setting Up a Cron Job

Run the check daily at 8 AM:

# Edit crontab
crontab -e

# Add this line:
0 8 * * * /path/to/check-ssl.sh yourdomain.com >> /var/log/ssl-check.log 2>&1

For the multi-domain version:

0 8 * * * /path/to/check-all-ssl.sh >> /var/log/ssl-check.log 2>&1

If you want email alerts when something fails, pipe the output:

0 8 * * * /path/to/check-ssl.sh yourdomain.com || mail -s "SSL Alert" you@email.com < /var/log/ssl-check.log

CI/CD Integration

Add a cert check to your GitHub Actions workflow:

- name: Check SSL certificate
  run: |
    RESPONSE=$(curl -s -H "X-API-Key: ${{ secrets.APIXIES_API_KEY }}" \
      "https://apixies.io/api/v1/inspect-ssl?domain=yourdomain.com")
    DAYS=$(echo "$RESPONSE" | jq -r '.data.days_until_expiry')
    if [ "$DAYS" -lt 14 ]; then
      echo "SSL certificate expires in $DAYS days"
      exit 1
    fi
    echo "SSL OK: $DAYS days remaining"

Rate Limits

The free tier gives you 75 API calls per day. That's enough to check 75 domains daily. If you're monitoring more than that, space the checks across the day or reach out about higher limits.

Be honest with yourself about how many domains you actually need to check. Most people have fewer than 10.

Next Steps

Try the SSL Health Inspector API

Free tier is for development & small projects. 75 requests/day with a registered account.

View API Docs Get Free API Key

Related Guides

Tutorial

SSL Certificate API Tutorial

Learn how to check SSL certificates with the Apixies API. Get expiry dates, issuer info, and chain health for any domain in seconds.

Getting Started

Explore

Resources

Get Started Free

Free for development and small projects.

Get Free API Key

We use cookies for analytics to understand how our site is used. Privacy Policy