Use python to check validity of SSL Certs

import ssl
import datetime
from urllib.request import urlopen


urls = [
    'https://www.example1.com',
    'https://www.example2.com',
    'https://www.example3.com',
]

for url in urls:
    try:
        cert = ssl.get_server_certificate((url, 443))
        x509 = ssl.PEM_cert_to_DER_cert(cert)
        cert_data = ssl.DER_cert_to_PEM_cert(x509)
        ssl_cert = ssl.ssl.get_server_certificate((url, 443))
        ssl_cert_data = ssl.ssl.DER_cert_to_PEM_cert(ssl.PEM_cert_to_DER_cert(ssl_cert))

        cert = ssl.get_server_certificate((url, 443))
        x509 = ssl.PEM_cert_to_DER_cert(cert)
        cert_data = ssl.DER_cert_to_PEM_cert(x509)
        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_data)
        # Now check the cert 
        expiry_date = datetime.datetime.strptime(x509.get_notAfter().decode(), '%Y%m%d%H%M%SZ')
        current_time = datetime.datetime.utcnow()
        if expiry_date < current_time:
            print(f'{url} SSL certificate is expired')
        else:
            print(f'{url} SSL certificate is valid')
    except Exception as e:
        print(f'Error checking SSL certificate for {url}: {e}')

It's worth noting that this script will only verify the certificate chain up to the root CA, so if any of the intermediate CAs are not trusted by the system it will not be able to validate the certificate chain. In order to fully validate a certificate chain, it is recommended to use a package such as requests and configure it to use a custom CA bundle. This will ensure that the certificate chain is fully validated up to the root CA and that any intermediate CAs are also trusted by the system.