I have several self-signed certificates that I manage on my local network. I want to use the Certificate Expiry integration to track the expiration of those certificates so I can send myself a notification when I need to renew them. But when I provide a LAN address with a self-signed certificate as the host I just see this:
It looks like the integration doesn’t support self-signed certificates; it is only capable of tracking expiration dates on certificates signed by a known public CA. Which is kind of ironic since any public certificates I have take care of themselves (since I obtain them via tools like the Let’s Encrypt and Caddy 2 add-ons which also automatically renew them when they are close to expiring).
I would like the capability to track expiration on self-signed certificates via this add-on. This could be done in one of two ways:
- Don’t validate the certificate when requesting it. The `error` attribute of the sensor could say whether or not the integration was able to validate it but show me the expiration date either way.
- Allow me to specify a path to the CA certificate file used to sign it as part of the configuration. Then the integration will be able to continue validating the certificate as well.