diff --git a/defaults.inc b/defaults.inc
index 8a790348..562fa6bf 100755
--- a/defaults.inc
+++ b/defaults.inc
@@ -58,3 +58,21 @@ DIVIDER(){
 fi
 }
+CERT-CHECK(){
+ TARGET="mysite.example.net";
+ RECIPIENT="hostmaster@mysite.example.net";
+ DAYS=7;
+ echo "checking if $TARGET expires in less than $DAYS days";
+ expirationdate=$(date -d "$(: | openssl s_client -connect $TARGET:443 -servername $TARGET 2>/dev/null \
+ | openssl x509 -text \
+ | grep 'Not After' \
+ |awk '{print $4,$5,$7}')" '+%s');
+ in7days=$(($(date +%s) + (86400*$DAYS)));
+ if [ $in7days -gt $expirationdate ]; then
+ echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')" \
+ | mail -s "Certificate expiration warning for $TARGET" $RECIPIENT ;
+ else
+ echo "OK - Certificate expires on $expirationdate";
+ fi
+}
+
diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh
index 7e9572d3..33f79d78 100755
--- a/nodemgmt-scripts.sh
+++ b/nodemgmt-scripts.sh
@@ -87,12 +87,15 @@ LISTCERTS(){ #DIVIDER true for d in /etc/letsencrypt/live/*/ ; do SUBJECTNAMES=$(openssl x509 -in ${d}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV) - IFS=':' - SUBJECTNAMES=(${SUBJECTNAMES//$'\n'/:}) - unset IFS - echo "$d" + IFS=':'; SUBJECTNAMES=(${SUBJECTNAMES//$'\n'/:}); unset IFS + + CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${d}/cert.pem -text \ + | grep 'Not After' \ + |awk '{print $4,$5,$7}')" '+%s'); + + declare -p SUBJECTNAMES - #echo ${SUBJECTNAMES//$'\n'/:} + echo "Expires: ${CERTEXPIRE}" echo "" done
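Review bot: CERT-CHECK cannot tell a failed certificate fetch from a real expiry result, because stderr from `openssl s_client` is discarded and nothing checks that a date was actually parsed. If the connection fails, the inner pipeline yields an empty string; GNU `date -d ''` is understood to resolve that to the start of today, so a warning mail with a bogus expiry date would go out, and if `date` rejects its input instead, `[ $in7days -gt $expirationdate ]` errors and falls through to the `OK` branch. Reading the end date with `openssl x509 -noout -enddate`, returning a distinct status when it is empty, and quoting `$TARGET` would close that gap, as sketched below. The `CERTEXPIRE` pipeline added to LISTCERTS in nodemgmt-scripts.sh parses the date the same way and has the same blind spot.

```shell
CERT-CHECK(){
  # … unchanged: TARGET, RECIPIENT, DAYS and the "checking" echo …
  notafter=$(: | openssl s_client -connect "$TARGET:443" -servername "$TARGET" 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null)
  if [ -z "$notafter" ]; then
    echo "UNKNOWN - could not read a certificate from $TARGET" >&2
    return 2
  fi
  expirationdate=$(date -d "${notafter#notAfter=}" '+%s') || return 2
  # … unchanged: in7days computation and the KO/OK branches …
```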
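Review bot: The new `Expires:` line prints `CERTEXPIRE` as raw epoch seconds, and with `echo "$d"` removed the listing no longer shows which directory under /etc/letsencrypt/live each entry came from. Printing a formatted date, e.g. `echo "Expires: $(date -d "@${CERTEXPIRE}" '+%Y-%m-%d')"`, and keeping the `echo "$d"` line would make the output usable for an operator scanning for certificates close to expiry. The `: |` in front of `openssl x509 -in` has no effect because the certificate is read from the file, and `${d}/cert.pem` should be quoted. LISTCERTS begins before and ends after this hunk, so how the output is consumed is not visible here.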