#!/bin/bash

readarray -t domain_list < domain_list.txt

for raw_domain in "${domain_list[@]}"; do
    domain=${raw_domain%$'\r'}

    if [[ -z "$domain" ]]; then
        continue
    fi

    certificate=$(
        openssl s_client \
            -connect "${domain}:443" \
            -servername "$domain" \
            -showcerts \
            </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' |
        sed -n '1,/-----END CERTIFICATE-----/p'
    )

    if [[ -z "$certificate" ]]; then
        echo "Checking domain: $domain - Could not retrieve certificate"
        continue
    fi

    expiration_date=$(printf '%s\n' "$certificate" | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)

    if [[ -n "$expiration_date" ]]; then
        echo "Checking domain: $domain - $expiration_date"
        echo ""
    else
        echo "Checking domain: $domain - Could not parse certificate"
    fi
done