top of page
  • Subhasish Sahu

Domain SSL Certificate Expiry Notifications using Email

Updated: May 27, 2021

What all we need :

  • AWS SNS – Send an alert to channels like Email.

  • AWS Lambda – It runs your code without provisioning or managing servers. The Lambda console provides a code editor for non-compiled languages that lets you modify and test code quickly.

  • AWS Cloudwatch – Cloudwatch events are used to trigger Lambda functions at scheduled intervals.

We need to create a SNS topic and then we have to subscribe to email :

1) Click on " Create Topic"

Topic is successfully created:

Whenever we create a SNS topic , we will be provided a ARN , an endpoint using which we can communicate with other AWS Services.

Now we will create a subscription:

We will be alerted based on the configuration of Lambda function.

Click on "Create Subscription" :

Choose Email JSON ( will receive alerts in the JSON format) and type in your email address and then click create subscription.

Subscription is created successfully:

We need to approve the email id added in subscription

For that, we need to click on the link which has come to you mentioned email id

After approval, the status will get changed to "Confirmed"

2) Create a LAMBDA Function

Select Author from Scratch

Function Name : any name

Runtime : Python 2.7

Create a new role from AWS policy templates :

Role name : any name

Policy templates : Amazon SNS Publish policy

Set the handler to lambda_function.lambda_handler ( if not set by default)

Copy the SNS ARN and keep it handy

Copy past the python script and paste it in Source Code section:

Download TXT • 2KB

What needs to be changed :

Change the domain name : f = ['']

Update the TargetArn with your SNS topic ARN : TargetArn="arn:aws:sns:us-east-1:980624352078:SSL_Certificate_Expiry"

You can configured the script to send Warning on 20th day and less than 5th day as Critical.

Once everything is configured, Click Save.

Then click on Deploy

3) Create a CloudWatch Service

Choose Event Source as Scheduled or provide a cron expression as per your requirement.

In Targets, Choose the lambda function ,Then click on Configure details

How to Test it :

Small Change in Lambda Function to manually trigger the alert:

Testing Command:


"Type" : "Notification",

"MessageId" : "dasdasdsa-4323423423",

"TopicArn" : "arn:aws:sns:us-east-1:980624352078:SSL_Certificate_Expiry",

"Subject" : " SSL Certificate Expiry Warning alert",

"Message" : " certificate will be expired in 30 days!! ",


View Logs in CloudWatch for successful trigger :

Logs for which the condition was not trigger :

Logs for which the condition was trigger ,after slight change in lambda function script:

You will receive a similar mail :

44 views0 comments
bottom of page