Monitoring SNI SSL Certificate Expiration with Nagios

Nagios' plugin check_http can also be used to verify the validity/expiration of an SSL certificate.

However if your webserver uses SNI (multiple SSL certificates on the same IP address), you have to use the --sni switch. Otherwise information for the wrong (default) SSL certitificate will be shown:

./check_http -H reddit.com -S -C 30,14
OK - Certificate 'notreddit.com' will expire on Thu May 29 00:59:00 2014.

Note the wrong certificate common name.

For SNI enabled webservers, the switch --sni is a must:

./check_http -H reddit.com -S --sni -C 30,14
OK - Certificate 'reddit.com' will expire on Thu Apr 23 00:59:00 2015.

Source: check_http and SNI SSL certificates