Google Sheets SSL Expiry Checker is a secure, free, and lightweight solution for checking SSL certificate expiry dates directly inside Google Sheets.
It is built with Google Apps Script on the frontend and a PHP API (MODX or standalone) on the backend.
✅ Manager-friendly — works directly in a Google Spreadsheet
✅ Secure by design — HMAC signature, HTTPS-only, timestamp validation
✅ Cache-enabled — reduces load and blocks spamming
✅ Flexible backend — works with MODX or any PHP hosting
✅ Free — no paid APIs or SaaS dependencies
❌ Without this | 💥 Issue |
---|---|
Manual SSL checks | Time-consuming & error-prone |
No centralized access | Every manager does it differently |
Public/free APIs | Privacy concerns, rate limits |
No caching | Risk of overloading the server |
✅ Feature | 🚀 Benefit |
---|---|
Google Apps Script UI in Sheets | No extra training for managers |
Secure PHP API endpoint | Prevents unauthorized requests |
HMAC SHA256 signature | Ensures data integrity |
Timestamp check | Blocks replay attacks |
MODX System Settings key storage | Easy key rotation |
File/socket SSL parsing | Direct expiry date retrieval |
Server-side caching | Protects from overuse |
- Place the `api.php` script in your hosting root (can be MODX or pure PHP).
- If using MODX:
  - Create a System Setting named `ssl_checker_api_key` and set your secret key.
  - Ensure `$modx->cacheManager` is available for caching.
- If using standalone PHP:
  - Store `$storedApiKey` in a secure config file.
  - Replace MODX caching with `file_put_contents()` or any cache system.
- Serve API only over HTTPS.
- Open your Google Sheet.
- Go to Extensions → Apps Script.
- Paste the provided Google Apps Script code.
- In the sheet, open the ⚙️ GM SCRIPTS menu and run SSL CHECKER.
- Enter:
  - API URL (`https://yourdomain.com/api.php`)
  - API Key (from backend)
  - Column with domains
  - Column to update with expiry dates
- Done ✅ — all expiry dates will be fetched securely.
- HTTPS-only — request rejected if not over TLS
- HMAC SHA256 — verifies request authenticity
- Timestamp validation (±30s) — blocks replay attacks
- Server-side cache (60s default) — reduces load & spam
- Minimal exposed surface — only one POST endpoint
- Maximum POST content size — 500 KB
- 🕒 Saves hours — no manual SSL checks
- 📊 Centralized view of certificate expiry dates
- 🔐 No public API leakage
- ⚡ Fast due to caching
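
How the HMAC SHA256 and ±30s timestamp checks listed above can fit together on the PHP side, as an added example that is not the project's `api.php`. The field names (`domain`, `timestamp`, `signature`), the signed string layout, and the helper names `signRequest` and `verifySignedRequest` are assumptions; only `$storedApiKey` comes from this README.

```php
<?php
// Added example, not the project's api.php. Field names and the signed
// string "timestamp.domain" are assumptions made for this illustration.
const MAX_SKEW_SECONDS = 30; // the README's ±30s window

function signRequest(string $key, int $timestamp, string $domain): string
{
    // The timestamp is part of the MAC input, so it cannot be changed
    // without knowing the key.
    return hash_hmac('sha256', $timestamp . '.' . $domain, $key);
}

function verifySignedRequest(array $req, string $storedApiKey, int $now): array
{
    foreach (['domain', 'timestamp', 'signature'] as $field) {
        if (!isset($req[$field]) || !is_string($req[$field])) {
            return [false, "missing or non-string field: $field"];
        }
    }
    if (!ctype_digit($req['timestamp'])) {
        return [false, 'timestamp is not an integer'];
    }
    $ts = (int) $req['timestamp'];
    if (abs($now - $ts) > MAX_SKEW_SECONDS) {
        return [false, 'timestamp outside the allowed window'];
    }
    $expected = signRequest($storedApiKey, $ts, $req['domain']);
    // hash_equals compares in constant time; == would leak how many
    // leading characters of a guessed signature are correct.
    if (!hash_equals($expected, $req['signature'])) {
        return [false, 'signature mismatch'];
    }
    return [true, 'ok'];
}

// Constructed sample data: key, clock and requests are made up for the demo.
$key = 'constructed-demo-key';
$now = 1700000000;
$good = ['domain' => 'example.com', 'timestamp' => (string) $now,
         'signature' => signRequest($key, $now, 'example.com')];
$tampered = ['domain' => 'example.org'] + $good; // domain changed after signing

// The "replayed" case presents the same bytes 31 seconds later.
foreach ([['fresh', $good, $now], ['replayed', $good, $now + 31],
          ['tampered', $tampered, $now]] as list($label, $req, $clock)) {
    list($ok, $why) = verifySignedRequest($req, $key, $clock);
    printf("%-9s %s (%s)\n", $label, $ok ? 'accepted' : 'rejected', $why);
}
```

A request captured and replayed inside the 30-second window still verifies; the timestamp check only bounds how long a captured request stays valid.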
Component | Details |
---|---|
Language | PHP 7+ |
Database | MySQL / MariaDB (MODX) or none (standalone) |
Frontend | Google Apps Script |
Security | HMAC + HTTPS + Timestamp |
Caching | MODX CacheManager or custom |
Compatibility | Any HTTPS-enabled PHP hosting |
MIT — free to use, modify, and integrate.
⭐ If this tool saved you time — give it a star on GitHub and share with your colleagues!