I suggest reading up a little more about Apple's receipt verification and how most effectively validate In-App Purchases.
To your question: In short, yes. Requesting the current time from a server will give you the current time independent from the users device. This will always be the most reliable way to retrieve the current time.
A little more detail...
What you need to do is read the receipt url as data then base 64 encode it from the data. There is a similar post to this question which will be helpful in understanding this process.
Ultimately you need to handle this sensitive data as securely as you can - this process will allow you to retrieve the best kept "safe" expiration date (receipt) for your IAP.
Read this post to help point you in the right direction.
In regard to checking the "correct time" there are a few approaches you can take here.
Approach 1
Get the correct time from an API. Here is an API you could use to get the world time. You could also use AWS to get the current time.
Approach 2
This response goes into a simple way to monitor device clock changes to make sure / listen for the user changing the time. By monitoring for any large time changes you can decide whether the user has changed the clock maliciously or not.
Approach 1 will deliver (of course) an independent time for you to compare that should always be the true current time, where as 2 is a way that you can monitor the device's clock.
