Skip to content

Expiration Validator

certmonitor.validators.expiration.ExpirationValidator

Bases: BaseCertValidator

A validator for checking the expiration date of an SSL certificate.

Attributes:

Name Type Description
name str

The name of the validator.

name class-attribute instance-attribute 

name: str = 'expiration'

validate 

validate(cert: Dict[str, Any], host: str, port: int) -> Dict[str, Any]

Validates the expiration date of the provided SSL certificate.

Parameters:

Name Type Description Default
cert dict

The SSL certificate.

 required
host str

The hostname (not used in this validator).

 required
port int

The port number (not used in this validator).

 required

Returns:

Name Type Description
dict Dict[str, Any]

A dictionary containing the validation results, including whether the certificate is valid, the number of days until expiry, the expiration date, and any warnings.

Examples:

Example output (success): This example shows a certificate that is valid and has 120 days until expiration, so no warnings are present.

```json
{
    "is_valid": true,
    "days_to_expiry": 120,
    "expires_on": "2025-09-01T23:59:59",
    "warnings": []
}
```

Example output (failure): This example shows a certificate that expired 10 days ago, so validation fails and a warning is included.

```json
{
    "is_valid": false,
    "days_to_expiry": -10,
    "expires_on": "2025-04-30T23:59:59",
    "warnings": [
        "Certificate is expired and has been expired for (-10 days)"
    ]
}
```
Source code in certmonitor/validators/expiration.py 
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
def validate(self, cert: Dict[str, Any], host: str, port: int) -> Dict[str, Any]:
    """
    Validates the expiration date of the provided SSL certificate.

    Args:
        cert (dict): The SSL certificate.
        host (str): The hostname (not used in this validator).
        port (int): The port number (not used in this validator).

    Returns:
        dict: A dictionary containing the validation results, including whether the certificate is valid,
              the number of days until expiry, the expiration date, and any warnings.

    Examples:
        Example output (success):
            This example shows a certificate that is valid and has 120 days until expiration, so no warnings are present.

            ```json
            {
                "is_valid": true,
                "days_to_expiry": 120,
                "expires_on": "2025-09-01T23:59:59",
                "warnings": []
            }
            ```

        Example output (failure):
            This example shows a certificate that expired 10 days ago, so validation fails and a warning is included.

            ```json
            {
                "is_valid": false,
                "days_to_expiry": -10,
                "expires_on": "2025-04-30T23:59:59",
                "warnings": [
                    "Certificate is expired and has been expired for (-10 days)"
                ]
            }
            ```
    """
    # Use timezone.utc for Python 3.8+ compatibility
    now = datetime.datetime.now(datetime.timezone.utc)
    not_after = parse_not_after(cert).replace(tzinfo=datetime.timezone.utc)

    is_valid = now < not_after
    days_to_expiry = (not_after - now).days

    warnings = []
    if days_to_expiry < 0:
        warnings.append(
            f"Certificate is expired and has been expired for ({days_to_expiry} days)"
        )
    if days_to_expiry < 7 and days_to_expiry > 0:
        warnings.append(
            f"Certificate is expiring in less than 1 week ({days_to_expiry} days)"
        )
    if days_to_expiry > 398:
        warnings.append(
            f"Certificate is valid for more than industry standard ({days_to_expiry}/398 days)"
        )

    return {
        "is_valid": is_valid,
        "days_to_expiry": days_to_expiry,
        "expires_on": not_after.isoformat(),
        "warnings": warnings,
    }