DEV Community

mibii
mibii

Posted on

Building a SSL Certificate Monitor (to check a validity date)

Building a SSL Certificate Monitor: A Real-World Node.js Project
Hey fellow developers! 👋 Today I want to share a practical project that taught me several important concepts in Node.js while solving a real problem - monitoring SSL certificates expiration dates.

The Problem

If you're running multiple websites on your server with HTTPS (and you should!), you need to keep track of when your SSL certificates expire. While Let's Encrypt certificates auto-renew through certbot, having a monitoring script gives you peace of mind and helps catch any renewal issues early.

Key Learning Points

  1. Working with Node's Native Crypto Module One of the coolest discoveries was Node.js's built-in X509Certificate class. No need for external libraries! Here's how you can read a certificate:
const { X509Certificate } = require('crypto');
const fs = require('fs');

const certFile = fs.readFileSync('/path/to/cert/fullchain.pem');
const x509 = new X509Certificate(certFile);
const expiryDate = new Date(x509.validTo);
Enter fullscreen mode Exit fullscreen mode
  1. Environment Variables Best Practices Never hardcode sensitive data! I learned to structure projects with .env for configuration:
// Don't do this ❌
const certPath = '/etc/letsencrypt/live/mysite.com/fullchain.pem';
Enter fullscreen mode Exit fullscreen mode
// Do this instead ✅
require('dotenv').config();
const certPath = process.env.CERT_PATH;
Enter fullscreen mode Exit fullscreen mode

Remember to include a .env.example in your repo to help other developers:

DOMAIN_1=example.com
DOMAIN_1_CERT_PATH=/path/to/cert/fullchain.pem
Enter fullscreen mode Exit fullscreen mode
  1. Making Output User-Friendly When building utility scripts, clear output is crucial. I used console colors to highlight important warnings:
if (daysUntilExpiry <= 7) {
    console.log('\x1b[31m%s\x1b[0m', 'CRITICAL: Certificate expires soon!');
}
Enter fullscreen mode Exit fullscreen mode

Project Structure Tips

Here's something I wish I knew earlier - organizing small utility projects:

ssl-checker/
  ├── checkCertificateExpiry.js  # Main script
  ├── .env                       # Private configuration
  ├── .env.example              # Public example
  ├── .gitignore                # Exclude sensitive files
  └── package.json              # Dependencies and scripts
Enter fullscreen mode Exit fullscreen mode

Real-World Application

This script runs on my server monitoring two domains.

When certificates need renewal, it's as simple as:

sudo certbot certonly --nginx -d domain.com
Enter fullscreen mode Exit fullscreen mode

Key Takeaways 🔑

Security First: Always use environment variables for sensitive data
Error Handling: Your script should gracefully handle missing files or invalid certificates
User Experience: Clear, colored console output makes utility scripts more professional
Modularity: Structure code so it's easy to add more domains later

What's Next?

You could enhance this project by:

Adding email notifications for expiring certificates
Creating a simple web dashboard
Adding support for non-Let's Encrypt certificates
Implementing automatic Slack/Discord notifications

Conclusion

Building utility scripts like this is a great way to learn real-world programming. You practice:

File system operations
Cryptography basics
Environment configuration
Error handling
User-friendly output

Have you built similar utility scripts? What features would you add? Let me know in the comments!

Full Code source
buymeacoffee.com/techmobilebox/e/335174

Remember to follow me for more practical coding tutorials! 🚀

nodejs #webdev #security #programming #devops

Top comments (0)