Blueprint for automatic renewal of a Let's Encrypt certificate

Blueprints Exchange
, , ,
1

Explanation
The Blueprint generates an automation that renews the Let’s Encrypt certificate of the Home Assistant. The prerequisite for this is that the “Cert Expiry” integration (Certificate Expiry - Home Assistant) and the “Let’s Encrypt” addon are installed and configured.

The automation checks daily at a specified time whether the expiration date of the certificate has fallen below a certain threshold. If the value falls below the threshold, the Let’s Encrypt addon is started and the certificate is renewed. If desired, a notification can be sent and the Home Assistant can be restarted to activate the new certificate.

Blueprint Code
Click the badge to import this Blueprint:
Open your Home Assistant instance and show the blueprint import dialog with a specific blueprint pre-filled.

blueprint:
  name: Renew Let's Encrypt Certificate
  description: Renew Certificate when due date is below given value
  domain: automation
  input:
    cert_expiry_sensor:
        name: Certificate Expiry Sensor
        description: Sensor from the Certificate Expiry Integration (https://www.home-assistant.io/integrations/cert_expiry)
        selector:
            entity:
                integration: cert_expiry
    renew_date:
        name: Certificate renewal date
        description: Date when the SSL-Certificate will be renewed
        selector:
            number:
                min: 1
                max: 29
                mode: slider
                unit_of_measurement: "days"
        default: 5
    time_to_check_cert:
        name: Certificate check time
        description: Time when the certificate date will be checked.
        selector:
            time:
    restart_after_renewal:
        name: Restart Home Assistant
        description: Restarts the Home Assistant when the certificate is renewed. (if enabled)
        selector:
            boolean:
        default: true
    minuts_till_restart:
        name: Minutes untile restart
        description: Minutes until restart of Home Assistant if restart is enabled
        selector:
            number:
                min: 1
                max: 60
                mode: slider
                unit_of_measurement: "minutes"
        default: 5
    send_notification:
        name: Send notification
        description: Sends a notification to a device if enabled
        selector:
            boolean:
        default: false
    notification_device:
        name: Device to notify
        description: Device which will be notified.
        selector:
            device:
                integration: mobile_app
    notification_title:
        name: Notification title
        description: Notification title for notification that is sent when the certificate has been renewed.
    notification_message:
        name: Notification message
        description: Notification that is sent when the certificate has been renewed.
alias: Renew SSL Cert
description: ''
trigger:
  - platform: time
    at: !input time_to_check_cert
condition:
  - condition: template
    value_template: '{{ expire_days_var < var_check }}'
action:
  - service: hassio.addon_start
    data:
      addon: core_letsencrypt
  - choose:
    - conditions:
        - condition: template
          value_template: '{{ send_notification_var }}'
      sequence:
        - device_id: !input notification_device
          domain: mobile_app
          type: notify
          title: '{{ message_title_var }}'
          message: '{{ message_var }}'
    default: []
  - choose:
    - conditions: 
        - condition: template
          value_template: '{{ restart_after_renewal_var }}'
      sequence:
        - delay:
              hours: 0
              minutes: !input minuts_till_restart
              seconds: 0
              milliseconds: 0
        - service: hassio.host_reboot
    default: []
mode: single
variables:
  certificate_var: !input cert_expiry_sensor
  var_check: !input renew_date
  message_var: !input notification_message
  message_title_var: !input notification_title
  restart_after_renewal_var: !input restart_after_renewal
  send_notification_var: !input send_notification
  expire_days_var: >-
    {{ ((as_timestamp(states(certificate_var)) - as_timestamp(now())) / 60 / 60 / 24 ) | int }}
6 Likes
2

Thank you!

1 Like
3

Thanks for this!
The only problem I had, is that you need to have a “mobile_app” configured to create the automation, even though I don’t want to use notifications. Solved it by commenting out “domain: mobile_app”, which allows me to use a “dummy device” to create the automation

4

I have no mobile app for one of my ha installations (I have two, so I had to choose).

I updated the gist to allow an empty device selection and also to enable choosing between an nginx or ha restart.

2 Likes
5

Hi,
I tried your blueprint. Choosing a notification device is still mandotary.
Another recommendation would be to choose an addon to restart since I am using a different NGINX Proxy (GitHub - hassio-addons/addon-nginx-proxy-manager: Nginx Proxy Manager - Home Assistant Community Add-ons)

6

Here is a version that is without selecting a notification target. It seems to work :slight_smile:

7

@Konstigt I still get a malformed error with this one - it expects me to fill in notification titles, i don’t want a notification title or a notification

and if i put in a notification title and message and save - it never appears in automations… is this compatible with latest version of hass? seems this was caused by some weird frontend browser issue - rebooting PC fixed it