Let’s say you’re using Let’s Encrypt (or whatever else) and you added multiple hostnames/domains to a certificate, but you don’t remember what was attached exactly and you’d like to check.
Let’s assume the certificate is in: /etc/letsencrypt/live/example.net/fullchain.pem
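The simplest way is to pass it to OpenSSL and print the certificate as text (openssl x509 reads only the first certificate in the file, which in fullchain.pem is your own certificate, not the intermediates):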
openssl x509 -in /etc/letsencrypt/live/example.net/fullchain.pem -text
And then we can analyze the full cert and look for all domains attached… however, that’s a bit cumbersome. Let’s simplify a little by using grep:
grep 'DNS:' <(openssl x509 -in /etc/letsencrypt/live/example.net/fullchain.pem -text)
Now we can see all the domains on one line. That's plenty for human readability, but it's not really useful for scripting. So, let's drop grep and switch to awk! (The three-argument match() used here is a GNU awk extension, so this needs gawk.)
openssl x509 -in /etc/letsencrypt/live/example.net/fullchain.pem -text | awk '{while (match($0, /DNS:([^, ]+)/, m)) {print m[1]; $0 = substr($0, RSTART + RLENGTH)}}'
Now we get every hostname extracted into a new line, which is both easy to read and also useful for scripting. (:
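A portable take on the same extraction, as an added example that is not from the original post: san_names parses only the Subject Alternative Name line with POSIX awk, and covers goes one step further and checks whether a hostname is matched by that list, including single-label wildcards. The function names and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Real use: openssl x509 -in fullchain.pem -noout -text | san_names

# Print each DNS name from the Subject Alternative Name line, lower-cased,
# one per line. POSIX awk only, so mawk and BusyBox awk work too.
san_names() {
    awk '
        /X509v3 Subject Alternative Name/ { in_san = 1; next }
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print tolower(substr(parts[i], 5))
            }
            in_san = 0
        }'
}

# covers HOST: exit 0 if HOST matches a name read from stdin.
# "*.example.org" matches exactly one extra left-most label.
covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        case $name in
            "$host") return 0 ;;
            '*.'*)
                suffix=${name#?}                 # ".example.org"
                case $host in
                    *"$suffix")
                        label=${host%"$suffix"}
                        case $label in ''|*.*) ;; *) return 0 ;; esac ;;
                esac ;;
        esac
    done
    return 1
}

# Constructed excerpt of `openssl x509 -text` output (not a real certificate).
sample_cert_text() {
    cat <<'EOF'
        Subject: CN = example.net
            X509v3 Subject Alternative Name:
                DNS:example.net, DNS:www.example.net, DNS:*.example.org, IP Address:192.0.2.10
            X509v3 Key Usage: critical
EOF
}

names=$(sample_cert_text | san_names)
for h in www.example.net api.example.org a.b.example.org example.org; do
    if printf '%s\n' "$names" | covers "$h"; then echo "covered:     $h"
    else echo "NOT covered: $h"; fi
done
```

Because san_names only reads the line after the Subject Alternative Name header, IP Address entries and any other DNS: text elsewhere in the certificate are ignored.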