docker-letsencrypt-nginx-proxy-companion/app/cert_status

#!/bin/bash
function print_cert_info {
  local enddate
  local subject
  local san_str

  # Get the wanted informations with OpenSSL.
  issuer="$(openssl x509 -noout -issuer -in "$1" | sed -n 's/.*CN=\(.*\)/\1/p')"
  enddate="$(openssl x509 -noout -enddate -in "$1" | sed -n 's/notAfter=\(.*$\)/\1/p')"
  subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN=\([a-z0-9.-]*\)/- \1/p')"
  san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"

  echo "Certificate was issued by $issuer"
  echo "Certificate is valid until $enddate"
  echo "Subject Name:"
  echo "$subject"

  # Display the SAN info only if there is more than one SAN domain.
  while IFS=',' read -ra SAN; do
      if [[ ${#SAN[@]} -gt 1 ]]; then
          echo "Subject Alternative Name:"
          for domain in "${SAN[@]}"; do
              echo "$domain" | sed -n 's/.*DNS:\([a-z0-9.-]*\)/- \1/p'
          done
      fi
  done <<< "$san_str"
}

echo '##### Certificate status #####'
for cert in /etc/nginx/certs/*/fullchain.pem; do
    [[ -e "$cert" ]] || continue
    # Verify the certificate with OpenSSL.
    openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert"

    # Print certificate info.
    print_cert_info "$cert"

    # Find the .crt files in /etc/nginx/certs which are
    # symlinks pointing to the current certificate.
    unset symlinked_domains
    for symlink in /etc/nginx/certs/*.crt; do
        [[ -e "$symlink" ]] || continue
        if [[ "$(readlink -f "$symlink")" == "$cert" ]]; then
            domain="$(echo "${symlink%.crt}" | sed 's#/etc/nginx/certs/##g')"
            symlinked_domains+=("$domain")
        fi
    done

    # Display symlinks pointing to the current cert if there is any.
    if [[ ${#symlinked_domains[@]} -gt 0 ]]; then
        echo "Certificate is used by the following domain(s):"
        for domain in "${symlinked_domains[@]}"; do
          echo "- $domain"
        done
    fi

    echo '##############################'
done