Automate Let's Encrypt Certificate Renewals

I tried to make it as simple as possible. The following automation triggers 30 days before the HA certificate expires. It renews the certificate and restarts HA that evening at 3am.

It relies on the “Let’s Encrypt” add-on and the “Cert Expiry” integration being installed.

Replace ‘sensor.my_certificate_name_cert_expiry’ with your “Cert Expiry” sensor name.

Replace ‘notify.mobile_app_my_app’ with the name of your mobile app.

alias: Renew certificate before expiry
description: ""
triggers:
  - trigger: time
    at:
      entity_id: sensor.my_certificate_name_cert_expiry
      offset: "-720:00:00"
conditions: []
actions:
  - action: notify.mobile_app_my_app
    metadata: {}
    data:
      message: >-
        Going to renew my.certificate.name certificate tonight, will expire {{
        states('sensor.my_certificate_name_cert_expiry') }}
  - wait_for_trigger:
      - trigger: time
        at: "03:00:00"
    continue_on_timeout: false
    enabled: true
  - action: hassio.addon_start
    data:
      addon: core_letsencrypt
    enabled: true
  - delay:
      hours: 0
      minutes: 10
      seconds: 0
      milliseconds: 0
    enabled: true
  - action: homeassistant.restart
    metadata: {}
    data: {}
    enabled: true
  - action: notify.mobile_app_my_app
    metadata: {}
    data:
      message: >-
        Renewed my.certificate.name certificate, will expire {{
        states('sensor.my_certificate_name_cert_expiry') }}
  - action: notify.persistent_notification
    metadata: {}
    data:
      message: >-
        Renewed my.certificate.name certificate, will expire {{
        states('sensor.my_certificate_name_cert_expiry') }}
mode: single

Sorry for being late to the party, but I’m really curious: what’s the advantage of your snippet over the one @luckman212 linked to above?

I’m not sure if you’re asking me or the post just above yours, but in either case, this comment applies (unless the site linked has been updated):

@The00Dustin I meant @whereisaaron, sorry for any inconvenience caused. :see_no_evil:

His script already calls restart instead of reboot, so it boils down to what’s the actual difference between the two? :sweat_smile:

Not a lot of difference as far as I can see. Just a simple automation instead of the blueprint maybe?

Here is a simple automation to renew the CERT if it expires in less than 24 hours.

alias: "Renew LE certificate"
description: "Renew SSL cert if less than 24 hours remaining"
mode: single
triggers:
  - trigger: time
    at: "03:15:00"
conditions:
  - condition: template
    value_template: >-
      {{
        (as_timestamp(states('sensor.<YOURFQDN>_cert_expiry'), default=0)
        - now().timestamp()) < 86400
      }}
actions:
  - action: hassio.addon_restart
    data:
      addon: core_letsencrypt
  - delay:
      minutes: 2
  - action: hassio.addon_restart
    data:
      addon: core_nginx_proxy


Would it not be possible to reduce that down to “restart nginx proxy addon”? I suppose not everyone is using the certificate with that, but for those that are, it would be less interruptive to restart the nginx addon only, as HA would keep on running while nginx restarted.

A reload of nginx would be even better but I don’t think that is possible with addons, correct me if I’m wrong.

I see that ADN is already doing restart nginx proxy as well, apologies.

actions:
  - action: hassio.addon_restart
    data:
      addon: core_nginx_proxy
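
Neither automation in this thread confirms that the renewed certificate is actually being served once the add-on or proxy has restarted. The check below is an added example, not code from any poster in the thread: it fetches the certificate the server presents and classifies it against the 720-hour offset and the 86400-second condition used above. The status names are invented for the example, the default hostname is the placeholder from the first post, and it assumes a freshly issued certificate is valid for more than 30 days.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(hours=720)     # the "-720:00:00" offset in the first automation
LAST_RESORT = timedelta(seconds=86400)  # the "< 86400" condition in the second automation


def parse_not_after(not_after):
    """Turn the 'notAfter' string from getpeercert() into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def served_not_after(host, port=443, timeout=5.0):
    """Expiry of the certificate the server presents, or None if it fails validation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return parse_not_after(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError:
        return None  # already expired, wrong name, or untrusted chain


def renewal_status(not_after, now):
    """Classify the served certificate against the thread's two thresholds."""
    if not_after is None or not_after <= now:
        return "invalid"
    remaining = not_after - now
    if remaining < LAST_RESORT:
        return "critical"
    if remaining <= RENEW_WINDOW:
        # Still inside the 30-day window: the renewal failed or the
        # server is still holding the old certificate in memory.
        return "stale"
    return "ok"


if __name__ == "__main__":
    # Hostname and port are placeholders; pass your own on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "my.certificate.name"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    status = renewal_status(served_not_after(host, port), datetime.now(timezone.utc))
    print(f"{host}:{port} -> {status}")
    sys.exit(0 if status == "ok" else 1)
```

Run it a few minutes after the renewal window; a non-zero exit code means the served certificate is still the old one or no longer validates.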