Building a SSL Certificate Monitor (to check a validity date)

Building a SSL Certificate Monitor: A Real-World Node.js Project
Hey fellow developers! 👋 Today I want to share a practical project that taught me several important concepts in Node.js while solving a real problem - monitoring SSL certificates expiration dates.

The Problem

If you're running multiple websites on your server with HTTPS (and you should!), you need to keep track of when your SSL certificates expire. While Let's Encrypt certificates auto-renew through certbot, having a monitoring script gives you peace of mind and helps catch any renewal issues early.

Key Learning Points

1. Working with Node's Native Crypto Module One of the coolest discoveries was Node.js's built-in X509Certificate class. No need for external libraries! Here's how you can read a certificate:

const { X509Certificate } = require('crypto');
const fs = require('fs');

const certFile = fs.readFileSync('/path/to/cert/fullchain.pem');
const x509 = new X509Certificate(certFile);
const expiryDate = new Date(x509.validTo);

1. Environment Variables Best Practices Never hardcode sensitive data! I learned to structure projects with .env for configuration:

// Don't do this ❌
const certPath = '/etc/letsencrypt/live/mysite.com/fullchain.pem';

// Do this instead ✅
require('dotenv').config();
const certPath = process.env.CERT_PATH;

Remember to include a .env.example in your repo to help other developers:

DOMAIN_1=example.com
DOMAIN_1_CERT_PATH=/path/to/cert/fullchain.pem

1. Making Output User-Friendly When building utility scripts, clear output is crucial. I used console colors to highlight important warnings:

if (daysUntilExpiry <= 7) {
    console.log('\x1b[31m%s\x1b[0m', 'CRITICAL: Certificate expires soon!');
}

Project Structure Tips

Here's something I wish I knew earlier - organizing small utility projects:

ssl-checker/
  ├── checkCertificateExpiry.js  # Main script
  ├── .env                       # Private configuration
  ├── .env.example              # Public example
  ├── .gitignore                # Exclude sensitive files
  └── package.json              # Dependencies and scripts

Real-World Application

This script runs on my server monitoring two domains.

When certificates need renewal, it's as simple as:

sudo certbot certonly --nginx -d domain.com

Key Takeaways 🔑

Security First: Always use environment variables for sensitive data
Error Handling: Your script should gracefully handle missing files or invalid certificates
User Experience: Clear, colored console output makes utility scripts more professional
Modularity: Structure code so it's easy to add more domains later

What's Next?

You could enhance this project by:

Adding email notifications for expiring certificates
Creating a simple web dashboard
Adding support for non-Let's Encrypt certificates
Implementing automatic Slack/Discord notifications

Conclusion

Building utility scripts like this is a great way to learn real-world programming. You practice:

File system operations
Cryptography basics
Environment configuration
Error handling
User-friendly output

Have you built similar utility scripts? What features would you add? Let me know in the comments!

Full Code source
buymeacoffee.com/techmobilebox/e/335174

Remember to follow me for more practical coding tutorials! 🚀

nodejs #webdev #security #programming #devops