Monitoring HTTPS certificate expiration dates


This can be done without any third-party library; Go's standard library is enough.


The following program fetches the expiration date of the SSL certificate for each of these domains and prints a warning when a certificate is 7 days or less from expiry:

package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

func main() {
	domains := []string{
		"google.com",
		"github.com",
		"stackoverflow.com",
		"amazon.com",
		"microsoft.com",
		"apple.com",
		"netflix.com",
		"facebook.com",
		"twitter.com",
		"linkedin.com",
	}

	for _, domain := range domains {
		expirationDate, err := getCertificateExpirationDate(domain)
		if err != nil {
			fmt.Printf("Error getting certificate for %s: %v\n", domain, err)
			continue
		}

		// Whole days remaining; a negative value means the certificate has already expired.
		daysUntilExpiration := int(expirationDate.Sub(time.Now()).Hours() / 24)

		if daysUntilExpiration <= 7 {
			fmt.Printf("WARNING: Certificate for %s will expire in %d days (on %s)\n", domain, daysUntilExpiration, expirationDate.Format("2006-01-02"))
		} else {
			fmt.Printf("Certificate for %s will expire in %d days (on %s)\n", domain, daysUntilExpiration, expirationDate.Format("2006-01-02"))
		}
	}
}

// getCertificateExpirationDate completes a TLS handshake with domain:443 and
// returns the NotAfter date of the leaf certificate the server presented.
// tls.Dial uses the host part of the address as SNI, so the server can select
// the certificate issued for this name.
func getCertificateExpirationDate(domain string) (time.Time, error) {
	conn, err := tls.Dial("tcp", net.JoinHostPort(domain, "443"), &tls.Config{
		// Chain verification is skipped deliberately so that an already-expired
		// or otherwise invalid certificate can still be read and reported. The
		// trade-off is that nothing here authenticates the chain.
		InsecureSkipVerify: true,
	})
	if err != nil {
		return time.Time{}, err
	}
	defer conn.Close()

	// The first certificate in the presented chain is the server's own (leaf) certificate.
	cert := conn.ConnectionState().PeerCertificates[0]
	return cert.NotAfter, nil
}

Running the code produces:

Certificate for google.com will expire in 61 days (on 2024-08-26)
Certificate for github.com will expire in 255 days (on 2025-03-07)
Certificate for stackoverflow.com will expire in 45 days (on 2024-08-09)
Certificate for amazon.com will expire in 196 days (on 2025-01-07)
Certificate for microsoft.com will expire in 354 days (on 2025-06-14)
Certificate for apple.com will expire in 63 days (on 2024-08-27)
Certificate for netflix.com will expire in 121 days (on 2024-10-24)
WARNING: Certificate for facebook.com will expire in 7 days (on 2024-07-02)
Certificate for twitter.com will expire in 157 days (on 2024-11-29)
Certificate for linkedin.com will expire in 35 days (on 2024-07-30)


For A records this is all straightforward.

With a CNAME, however, there are really two certificates in play. A CNAME is not a 301 redirect: visiting baidu.mydomain.com does not redirect you to baidu.com/, but rather to https://…

So in this case, if I am the owner and maintainer of mydomain.com, I only need to care about the expiration date of the certificate for baidu.mydomain.com, not that of the certificate for baidu.com (in practice the baidu.mydomain.com certificate could also be maintained by the baidu.com operators on the owner's behalf, but normally the owner of mydomain.com maintains it themselves).


So when checking a CNAME record, what matters is the expiration date of the certificate for "baidu.mydomain.com"; the certificate for "baidu.com" is baidu's concern, not ours.