Two words - Google Calendar.

Now, I know what you think ;^) but their text (as in SMS) reminders, which you can set as far away or as close to the date/time as you like, are unparalleled.

You can obviously use their email reminders as well but this functionality can be easily replaced by plethora of "remider" software, not to mention 'at', 'cron', etc.

Daily cron script that extracts SSL cert expiration dates from the SSL handshake and scrapes whois output for domain expiration dates, and warns me if less than 60 days are left.

Sadly whois doesn't always show expiration dates :(

As my domains don't expire but are renewed automatically, I don't have to monitor that, but I do have a cron job for my SSL certificates. It checks only the symlinks named current.pem which always point to the newest certificate, and its output is mailed to me (if any).

#!/bin/bash

function check_certificate {
file=$1
usage=$2
cert=$(openssl x509 -noout -text -in "$file" | grep "Not After" | sed -e 's#^.*Not After *: ##')
cert_timestamp=$(date --date="$cert" +%s)
now_timestamp=$(date +%s)
diff_seconds=$(expr $cert_timestamp - $now_timestamp)
diff_days=$(expr $diff_seconds / 60 / 60 / 24)
if [ $diff_days -le 14 ]; then
echo ""
echo $diff_days DAYS LEFT: $usage CERTIFICATE $file IS EXPIRING on $cert
fi
}

1. check Apache SSL certificates and notify if less than 2 weeks remain
   find /etc/apache2/certs -name 'current.pem' | while read file; do
   check_certificate "$file" "APACHE"
   done

1. check Dovecot SSL certificates and notify if less than 2 weeks remain
   check_certificate "/etc/certs/dovecot.pem" "MAIL SERVER"
   
   

For SSL certificates there's the check_ssl_cert Nagios plugin, in nagios-plugins-contrib.

Paulo, is that the same check_ssl_cert that I wrote a year or two back because Nagios didn't offer it? :-) Anyway, that's what I use:

http://firedrake.org/cgi-bin/gitweb.cgi?p=nagios-plugins.git

For what it is worth my sysadmin-util repository contains a simple script to check SSL:

• ssl-expiry-date

Like most other such-scripts it uses openssl to do the connection and parses it in a hoky way.

The default Nagios package in Debian includes check_http which can check SSL certificates just fine:
command_line /usr/lib/nagios/plugins/check_http --ssl -p 443 -C 14 -H $ARG1$ -I $HOSTADDRESS$
will turn into a WARNING 14 days before the certificate expires and CRITICAL when it actually is expired.

As for domains, we just use a registrar that auto-renews.

Congrats on the new domains, I know how a good domain shopping spree feels like.

I do have a problem with the .io registrar though and their lack of consideration for privacy - especially since they seem to be British. In their whois replies they show all the nice information about you - full name, address, phone number, shoe size... I much prefer the .eu or .ro in this regard.