One of my first quickposts, more than 10 years ago, was an howto: using openssl to retrieve the certificate of a web site.
You just have to scan the site and port for which you want to check the certificate, like this: nmap -p 443 –script ssl-cert didierstevens.com
If you want the certificate too, increase verbosity with option -v:
Checking a certificate will not work if you scan a port that is not known to provide SSL/TLS:
In that case, you have to use service discovery (-sV):