I just saw this thread, so I added certificate expiry integration. I tried on domain and subdomain certs and it display time and date when cert for domain and subdomain will expire.
Or… just add an automation that is triggered when the sensor changes?
I’m not sure I follow… You’ve updated the Certificate Expiry integration to now get this information directly?
I didn’t have this integration. I didn’t know it exist. I saw this thread so I integrated my domain and two subdomains just to check this out. As I saw I have sensor with a time stamp for domain or subdomain saying cert expiration time stamp July 1. at xy. pm.
I still didn’t think about it well how to implement first I want to get the timedate to be able to automate
Do you have NGINX installed as Add-ON or do you have it installed as Supervisor?
I have nginx in docker with letsencrypt. I moved from supervised installation to docker compose and I didn’t regret it.
Ah. I’m sure the Certificate Expiry integration works great for many things. It just didn’t work for what I needed in my particular arrangement.
Correct, I have it as HA OS in a VM with Nginx as Add-On and the integration gives me “timed out” it never connects with the certificate.
As I understood you can’t get time stamp from this integration. In my case it shows day, month, year, and exact time when cert will expire.
I don’t know what the problem is, but it might be to the type of installation. For me standalone ha installation with docker containers solved lot of issues I was struggling using supervised installation.
Yes, they are different installations and in your case the integration works as it should. Thanks for the input
If my solution works for you as far as getting the new date from the certificate into the sensor, then you should be able to have an automation that just watches for that sensor to change? It doesn’t much matter what the sensor value is as you don’t want to restart NGINX at that time (the date/time in the sensor that has just been updated), you want to restart it as soon as a new certificate is available, which is when the sensor value changes.
You’re right, I’m going to try it this way, anyway I would like to change the format since it shows it as follows “Jun 2 00:39:56 2023” but this is only for aesthetics and to make it look better to read.
I’m going to open a new post but to see if I can get someone to help me change the format
The cut command is great for extracting a bit of text, but it can’t reorder anything in that text. Instead, you can use an awk command to reorder however you like. But this is a much less friendly command in general - more powerful but not all that easy to use. What you can do is tell it to split up a block of text into a bunch of values, and then print those values in whatever order you like.
In this case, we’ve got a Month (#1), Day (#2), Hour (#3), Minute (#4), Second (#5) and Year (#6). So if you wanted to see the date as 2023-Jun-2 00:39:56 you could change the command to be like this.
../ssl/openssl x509 -enddate -noout -in ../ssl/fullchain.pem | cut -c10-29 | awk -F[\ :] '{ print $6"-"$1"-"$2" "$3":"$4":"$5 }'
The -F[\ :] part splits up the components of the date and time into separate fields #1-#6, using both a space(escaped space) and a colon as delimiters.
The print command then displays these in whatever order you like, with whatever new delimiters you like.
The fact that it has both single and double quotes might cause some trouble. Maybe the command in the HA configuration.yaml doesn’t need its own quotes? Haven’t tried that out. But it works fine in the HA console.
Well I kept messing around with this and got the Certificate Expiration Integration to work and I did!!
The problem was that I had the redirection of port 80 and 443 to my HA in my Router, I removed the redirection of port 80 and it was working instantly.
Interesting. But is that going to break your LetsEncrypt auto-renewal mechanism?
I do that with the following Blueprints that are in the Community
https://community.home-assistant.io/t/automatic-renewal-of-lets-encrypt-addon-and-restart-of-nginx/306939
I just have to wait until June for it to work
I’m a little bit too late to the party but I have the same problem
Command line sensor has changed to this format:
command_line:
- sensor:
name: "Home Assistant SSL Expiration"
command: "/ssl/openssl x509 -enddate -noout -in /ssl/fullchain.pem | cut -c10-15"
scan_interval: 86400
Hello. How did you make Certificate Expiration Integration work with the command line sensor?
Thanks!!