Web Server Rescue
Risk: safe
Show TLS Certificate Dates
You need to read the served TLS certificate validity window.
Command
openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -dates
Before you run this
Risk: safe. Do not use local certificate files when you need to know what the edge is actually serving.
Expected output
notBefore and notAfter dates from the served certificate.
System impact
Nothing changes. The command performs a read-only TLS handshake and prints certificate dates.
Recovery / rollback: no state is changed.
When to use it
Use when browsers report certificate expiry or a monitoring check says TLS is invalid.
When not to use it
Do not use local certificate files when you need to know what the edge is actually serving.
Watch this command run
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | sed -n '1,8p'
CONNECTED(00000003)
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
-----BEGIN CERTIFICATE-----
FIXTURE-edge
-----END CERTIFICATE-----
$ openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -dates
notBefore=Jun 1 00:00:00 2026 GMT
notAfter=Aug 30 23:59:59 2026 GMT
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | sed -n '1,8p'
openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -dates
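Turning the notBefore/notAfter lines into a monitoring verdict, as an added example that is not part of the original page: it reads the `-dates` output on stdin and classifies the window against a given time. The helper name cert_window_status, the exit codes and the 14-day default are assumptions, and it needs GNU date for `-d`.

```shell
# Added example: classify the validity window printed by `openssl x509 -noout -dates`.
# cert_window_status is a hypothetical helper name; requires GNU date (-d).
# Usage: <dates on stdin> | cert_window_status NOW_EPOCH [WARN_DAYS]
# Exit codes: 0 OK, 1 expiring soon, 2 outside the window, 3 no usable dates.
cert_window_status() (
  now=$1
  warn_days=${2:-14}   # assumed threshold; tune to your renewal cadence
  nb="" na=""
  while IFS= read -r line; do
    case $line in
      notBefore=*) nb=${line#notBefore=} ;;
      notAfter=*)  na=${line#notAfter=} ;;
    esac
  done
  # s_client errors are hidden by 2>/dev/null, so a failed handshake arrives
  # here as empty input. Report it instead of treating silence as healthy.
  if [ -z "$nb" ] || [ -z "$na" ]; then
    echo "UNKNOWN no certificate dates on stdin"
    return 3
  fi
  nb_s=$(date -u -d "$nb" +%s 2>/dev/null) && na_s=$(date -u -d "$na" +%s 2>/dev/null) || {
    echo "UNKNOWN could not parse dates"
    return 3
  }
  if [ "$now" -lt "$nb_s" ]; then
    echo "NOT_YET_VALID (notBefore $nb)"
    return 2
  fi
  if [ "$now" -gt "$na_s" ]; then
    echo "EXPIRED (notAfter $na)"
    return 2
  fi
  days=$(( (na_s - now) / 86400 ))   # whole days remaining, rounded down
  if [ "$days" -lt "$warn_days" ]; then
    echo "EXPIRING $days days left (notAfter $na)"
    return 1
  fi
  echo "OK $days days left (notAfter $na)"
  return 0
)

# Live use against the served certificate:
# openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null \
#   | openssl x509 -noout -dates | cert_window_status "$(date -u +%s)" 14
```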
Next steps
Related commands
Show TLS Certificate Names
The cert was valid, but not for this hostname.
openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName
Check the Certificate Served for SNI
The IP was right. The SNI name selected the wrong certificate.
openssl s_client -connect 203.0.113.10:443 -servername wrong.edge.test </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName
Show TLS Protocol and Cipher
The certificate was fine. The TLS negotiation told the rest of the story.
openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | awk '/Protocol|Cipher|Verify return code/ {print}'
Smoke Check an HTTP Status
A deploy is not done until the endpoint answers.
curl -fsS -o /dev/null -w '%{http_code} %{time_total}s\n' https://example.com/health
Find Large Directories with du
Once you know a filesystem is full, the next question is where.
du -xh --max-depth=1 /var 2>/dev/null | sort -h
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.