Automation for checking ssl certificate expiry

ELY3M · March 22, 2026, 12:11am

I am trying to get this script to work. I want to check the days left on ssl certification and notify me on my phone.

alias: SSL Certificate Expiry Alert
description: “”
triggers:

trigger: time
at: “19:06:00”
conditions:
condition: numeric_state
entity_id: sensor.xxxxxx_xxxxxx_com_xxxxxxx_cert_expiry
below: 300
actions:
action: script.notification
metadata: {}
data:
title: SSL certificate is expiring!
message: SSL certificate is expiring!
mode: single

I am getting error about numberic

Executed: March 21, 2026 at 7:12:33 PM

Error: In ‘numeric_state’: In ‘numeric_state’ condition: entity sensor.xxxxxxxxxxxxxxxxxxxx_cert_expiry state ‘2026-04-11T02:17:30+00:00’ cannot be processed as a number

entity_id/0

Executed: March 21, 2026 at 7:12:33 PM

Error: In ‘numeric_state’ condition: entity sensor.xxxxxxxxxxxxx_cert_expiry state ‘2026-04-11T02:17:30+00:00’ cannot be processed as a number

ELY3M · March 22, 2026, 12:28am

The situation is that I have to add a value template!!!

ELY3M · March 22, 2026, 12:32am

alias: SSL Certificate Expiry Alert
description: ""
triggers:
  - trigger: time
    at: "19:29:00"
conditions:
  - condition: numeric_state
    entity_id: sensor.replace_with_your__cert_expiry
    below: 3
    value_template: >-
      {{ ((as_timestamp(states('sensor.replace_with_your__cert_expiry')) -
      now().timestamp()) / 86400) }}
actions:
  - action: script.notification
    metadata: {}
    data:
      title: SSL certificate is expiring!
      message: SSL certificate is expiring!
mode: single

IOT7712 · March 22, 2026, 1:44am

As part of survival, this functionality should be part of the core process in HomeAssistant.

Even entities such as Microsoft, Google and Amazon have been caught out in the past, the person responsible for certificate renewal having left the organisation or being moved along.

Yes, great idea, but it should be an integral part of HomeAssistant to monitor these, not an user afterthought.

koying · March 22, 2026, 1:25pm

By 2029, public certificates validity will be recommended to be 47 days.
At that level, you don’t check if they are about to expire, you rotate them automatically

IOT7712 · March 22, 2026, 4:10pm

…thus negating their original reason for existence.

aceindy · March 22, 2026, 9:52pm

here is another one, it also start the addon so it’ll renew.
I could also automatically restart HA to validate the new certificate, but i rather restart manually (which i would probably do within 3 weeks anyway)

alias: "@Let's encrypt certificate check."
description: Will expire in 3 weeks
triggers:
  - at: "07:00:00"
    trigger: time
conditions:
  - condition: template
    value_template: >-
      {{ (states('sensor.sensor.cert_expiry_timestamp_ha_whitehouse_org') |
      as_datetime - timedelta(days=21)) < now() }}
actions:
  - data:
      title: Let's Encrypt
      message: Certificate will expire in 3 weeks, trying to renew, please verify
    action: notify.mobile_app_ip12
  - data:
      addon: core_letsencrypt
    action: hassio.addon_start
mode: single

IOT7712 · March 23, 2026, 10:06am

Somebody with a Middle Eastern accent called to ask if they could use the one from their country instead.
Seriously, will this work behind non-US unfriendly networking barriers? Not everybody loves the orangetop slavishly.

koying · March 23, 2026, 12:08pm

I don’t follow you. Are you talking about certificates?
They are meant to prove the website is who it says it is. The shortest the validity period, the less likely they are compromised…