diff --git a/aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh b/aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh
index 6a50c22175583..1cb8ba0a90340 100644
--- a/aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh
+++ b/aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh
@@ -8,10 +8,32 @@ exitCode=0
 
 
 # Helpers
+function checkCert {
+  local certPath=$1
+
+  if [[ ! -f "$certPath" ]]; then
+    echo "Certificate '$certPath' does not exist. Skipping expiration check..."
+    return
+  fi
+
+  openssl x509 -checkend 0 -in "$certPath" -noout > /dev/null
+  reportStatus "Certificate '$certPath'"
+
+  if [[ $? -ne 0 ]]; then
+    echo "  [WARN]"
+    echo "  If you did not provide the certificate explicitly, try running the"
+    echo "  'docker build' command again with the '--no-cache' option to generate"
+    echo "  a new self-signed certificate."
+  fi
+}
+
 function reportStatus {
   local lastExitCode=$?
+
   echo "$1: $([[ $lastExitCode -eq 0 ]] && echo OK || echo NOT OK)"
   [[ $lastExitCode -eq 0 ]] || exitCode=1
+
+  return $lastExitCode
 }
 
 
@@ -28,6 +50,16 @@ for s in ${services[@]}; do
 done
 
 
+# Check SSL/TLS certificates expiration
+certs=(
+  "$AIO_LOCALCERTS_DIR/$AIO_DOMAIN_NAME.crt"
+  "$TEST_AIO_LOCALCERTS_DIR/$TEST_AIO_DOMAIN_NAME.crt"
+)
+for c in ${certs[@]}; do
+  checkCert $c
+done
+
+
 # Check servers
 origins=(
   http://$AIO_PREVIEW_SERVER_HOSTNAME:$AIO_PREVIEW_SERVER_PORT