diff --git a/cron.php b/cron.php
index 439a8f02..babe5288 100644
--- a/cron.php
+++ b/cron.php
@@ -135,6 +135,59 @@ while($row = mysqli_fetch_array($sql_companies)){
     mysqli_query($mysqli,"UPDATE domains SET domain_name = '$domain_name',  domain_expire = '$expire', domain_ip = '$a', domain_name_servers = '$ns', domain_mail_servers = '$mx', domain_raw_whois = '$whois' WHERE domain_id = $domain_id");
 
 
+    // REFRESH SSL CERTIFICATES
+
+    // Get the oldest updated domain (MariaDB shows NULLs first when ordering by default)
+    $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT certificate_id, certificate_domain FROM `certificates` ORDER BY certificate_updated_at LIMIT 1"));
+
+    if(!empty($row)){
+      $certificate_id = $row['certificate_id'];
+      $certificate_domain = $row['certificate_domain'];
+
+      // FQDNs in database shouldn't have a URL scheme, adding one
+      $domain = "https://".$certificate_domain;
+
+      // Parse host and port
+      $url = parse_url($domain, PHP_URL_HOST);
+      $port = parse_url($domain, PHP_URL_PORT);
+
+      // Default port
+      if(!$port){
+        $port = "443";
+      }
+
+      // Get certificate (using verify peer false to allow for self-signed certs)
+      $socket = "ssl://$url:$port";
+      $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, "verify_peer" => FALSE,)));
+      $read = stream_socket_client($socket, $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $get);
+
+      if($read){
+        $cert = stream_context_get_params($read);
+        $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
+        openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
+
+        // Success - process data
+        if($cert_public_key_obj){
+          $expire = mysqli_real_escape_string($mysqli, date('Y-m-d', $cert_public_key_obj['validTo_time_t']));
+          $issued_by = mysqli_real_escape_string($mysqli, strip_tags($cert_public_key_obj['issuer']['O']));
+          $public_key = mysqli_real_escape_string($mysqli, $export);
+
+          // Update the record (forcing certificate_created_at field to be updated to ensure we don't try and update the same record every day)
+          mysqli_query($mysqli, "UPDATE certificates SET certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_public_key = '$public_key', certificate_updated_at = NOW() WHERE certificate_id = '$certificate_id' LIMIT 1");
+          echo "Updated $certificate_domain";
+        }
+        else{
+          // Likely the SSL socket failed, log an error notification
+          mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Cron', notification = 'Nightly SSL update for $certificate_domain failed. Please check and manually update this record.', notification_timestamp = NOW(), company_id = $company_id");
+        }
+      }
+      else{
+        // Likely the SSL socket failed, log an error notification
+        mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Cron', notification = 'Nightly SSL update for $certificate_domain failed. Please check and manually update this record.', notification_timestamp = NOW(), company_id = $company_id");
+      }
+    }
+
+
     // GET NOTIFICATIONS
 
     // DOMAINS EXPIRING