How to Find Out How Many Days Before an AWS Certificate Manager Certificate Expires

I wrote a quick Python script to help

July 18, 20232 min readAWS

I host this blog on AWS and used AWS Certificate Manager to generate an SSL certificate for the site. Now, SSL certificates expire, and I wanted a quick way to find out how many days until the site certificate expired without having to log in to the AWS console to find out.

As has become my habit, I asked ChatGPT for help! I told it I have a certificate in the us-east-1 region and wanted a Python script to print out how many days before my certificate expires.

This is what it came up with, along with a couple of tweaks by me to get it 100% working:

import boto3
from datetime import datetime, timedelta

region = 'us-east-1'

# Create ACM client
acm_client = boto3.client('acm', region_name=region)

# List certificates
response = acm_client.list_certificates()
certificates = response['CertificateSummaryList']

for certificate in certificates:
    arn = certificate['CertificateArn']

    # Describe certificate
    response = acm_client.describe_certificate(CertificateArn=arn)
    certificate_info = response['Certificate']

    # Extract expiration date
    expiration_date = certificate_info['NotAfter'].replace(tzinfo=None)

    # Calculate days remaining
    current_date = datetime.utcnow()
    days_remaining = (expiration_date - current_date).days

    # Print certificate information
    print("Certificate ARN:", arn)
    print("Expiration Date:", expiration_date)
    print("Days Remaining:", days_remaining, "days")

Of course, you will need to have configured AWS command line access in the AWS console and run aws configure first before this will work.

If you want to run this for a certificate in another region, just change the region variable to the correct region. You could even modify this script to accept the region as a command line argument.

That's it! Now I can run this script whenever I want to see how many days before my certificate expires.