diff --git a/bin/zert-check b/bin/zert-check
new file mode 100755
index 0000000..5d5c3f6
--- /dev/null
+++ b/bin/zert-check
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+# zert-check — SSL-Zertifikate aller motocamp.de Subdomains prüfen
+
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+GREEN='\033[0;32m'
+BOLD='\033[1m'
+RESET='\033[0m'
+
+DOMAINS=(
+  motocamp.de
+  www.motocamp.de
+  dsm.motocamp.de
+  akku.motocamp.de
+  akkudb.motocamp.de
+  audiobooks.motocamp.de
+  bitwarden.motocamp.de
+  calibre.motocamp.de
+  docs.motocamp.de
+  git.motocamp.de
+  grafana.motocamp.de
+  home.motocamp.de
+  immich.motocamp.de
+  iobroker.motocamp.de
+  mealie.motocamp.de
+  n8n.motocamp.de
+  npm.motocamp.de
+  pairdrop.motocamp.de
+  paperless.motocamp.de
+)
+
+printf "${BOLD}%-35s %-12s %-12s %s${RESET}\n" "Domain" "Läuft ab" "Tage" "Status"
+printf '%0.s─' {1..70}; echo
+
+TODAY=$(date +%s)
+
+for domain in "${DOMAINS[@]}"; do
+  result=$(echo | openssl s_client -connect "${domain}:443" -servername "$domain" 2>/dev/null \
+    | openssl x509 -noout -enddate 2>/dev/null)
+
+  if [[ -z "$result" ]]; then
+    printf "%-35s ${RED}%-12s${RESET}\n" "$domain" "nicht erreichbar"
+    continue
+  fi
+
+  enddate=$(echo "$result" | sed 's/notAfter=//')
+  expiry_epoch=$(date -j -f "%b %d %T %Y %Z" "$enddate" +%s 2>/dev/null \
+    || date -d "$enddate" +%s 2>/dev/null)
+
+  days_left=$(( (expiry_epoch - TODAY) / 86400 ))
+  expiry_fmt=$(date -j -f "%b %d %T %Y %Z" "$enddate" "+%d.%m.%Y" 2>/dev/null \
+    || date -d "$enddate" "+%d.%m.%Y" 2>/dev/null)
+
+  if (( days_left <= 7 )); then
+    color=$RED
+    status="KRITISCH"
+  elif (( days_left <= 30 )); then
+    color=$YELLOW
+    status="bald fällig"
+  else
+    color=$GREEN
+    status="ok"
+  fi
+
+  printf "%-35s ${color}%-12s %-12s %s${RESET}\n" \
+    "$domain" "$expiry_fmt" "${days_left}d" "$status"
+done
diff --git a/zsh/.zshrc b/zsh/.zshrc
index 1e49040..8486e48 100644
--- a/zsh/.zshrc
+++ b/zsh/.zshrc
@@ -295,6 +295,7 @@ fi
 
 alias gitsync="~/git-projekte/dotfiles-rene/bin/git-sync-all.sh"
 alias mac-sync="curl -fsSL https://git.motocamp.de/rene/dotfiles-rene/raw/branch/main/bin/git-sync-all.sh | bash"
+alias zert-check="~/git-projekte/dotfiles-rene/bin/zert-check"
 
 # 8) Conda-Initialisierung
 # ----------------------------------------------------------