diff --git a/config.go b/config.go
index bd026649..799fbc12 100644
--- a/config.go
+++ b/config.go
@@ -72,6 +72,7 @@ type tlsConfigSettings struct {
 
 // field ordering is not important -- these are for API and are recalculated on each run
 type tlsConfigStatus struct {
+	NotAfter          string `yaml:"-" json:"not_after,omitempty"`
 	StatusCertificate string `yaml:"-" json:"status_cert,omitempty"`
 	StatusKey         string `yaml:"-" json:"status_key,omitempty"`
 	Warning           string `yaml:"-" json:"warning,omitempty"`
diff --git a/control.go b/control.go
index 65a7077e..bd7b673c 100644
--- a/control.go
+++ b/control.go
@@ -1171,6 +1171,7 @@ func validateCertificates(data tlsConfig) (tlsConfig, error) {
 		// update status
 		if mainCert != nil {
 			notAfter := mainCert.NotAfter
+			data.NotAfter = notAfter.Format(time.RFC3339)
 			data.StatusCertificate = fmt.Sprintf("Certificate expires on %s", notAfter) //, valid for hostname %s", mainCert.NotAfter, mainCert.Subject.CommonName)
 			if len(mainCert.DNSNames) == 1 {
 				data.StatusCertificate += fmt.Sprintf(", valid for hostname %s", mainCert.DNSNames[0])