At Verge we are huge fans of making sure all our sites are using SSL/TLS for the additional security it provides to our clients and their visitors. In addition, Google has indicated that sites missing the HTTPS protocol implementation may be ranked lower than sites that do. What used to be an expensive and cumbersome process in the past has become an absolute breeze due to the advent of auto-install solutions such as Let's Encrypt. The one downside of these solutions is that the certificates are often only valid for short periods of time - 3 months in the case of Let's Encrypt.

While automatic renew processes exist, they can be error prone and sometimes fail quietly. As an additional measure, Let's Encrypt sends an email reminding the owner of the certificate is expiring soon - but what happens if the owner leaves a company or is on vacation? These messages go into the void.

To prevent certificates from expiring silently we created a Slack based bot that automatically checks the SSL expiry dates on all our domains and alerts us if they are going to expire within the next 2 weeks - see the screen shot above.

Probably the hardest part of the development was getting Elixir to check SSL expiry times. Below is a snippet that you can use to extract the date tuple of any certificate:

# Start SSL 
:ssl.start

# Specify Domain
domain = "google.com"

# Retrieve certificate
{:ok, socket} = :ssl.connect(String.to_charlist(domain), 443, [])
{:ok, cert} = :ssl.peercert(socket)
:ssl.close(socket)

# Decode the certificate and extract the correct tuple
:public_key.pkix_decode_cert(cert, :otp)
|> elem(1)
|> elem(5)
|> IO.inspect