Certificate Expiration

This blueprint will check the selected certificate used by the integration cert_expiry when it is going to be expired. If it expires before the selected period, it will send a notification to the selected mobile device. It will run everyday at the selected time.

Get started

Click the badge to import this Blueprint: (needs Home Assistant Core 2021.3 or higher)

Open your Home Assistant instance and show the blueprint import dialog with a specific blueprint pre-filled.

Or import this Blueprint by using the forum topic URL:

blueprint:
  name: Certificate Expiration
  description: 'This automation blueprint notifies when a SSL certificate is about to expire'
  domain: automation
  input:
    certificate_input:
      name: Certificate
      description: The certificate timestamp
      selector:
        entity:
          integration: cert_expiry
    days_input:
      name: Days before
      description: Set how many days before expiration it should start sending notifications
      default: 5
      selector:
        number:
          min: 0
          max: 100
          unit_of_measurement: days
          mode: slider
          step: 1
    time_input:
      name: Time
      description: What time of the day it should check and send the notification?
      default: '15:00'
      selector:
        time:
    notify_device:
      name: Device to notify
      description: Device needs to run the official Home Assistant app to receive
        notifications
      selector:
        device:
          integration: mobile_app
    device_message:
      name: Message
      description: Select the message to send to the app. You can use {{expire_days_var}} for the remaining days.
      default: "SSL cert is due to expire in {{ expire_days_var }} days"
      selector:
        text:
trigger:
  platform: time
  at: !input 'time_input'
variables:
  notify_device: !input 'notify_device'
  days_var: !input 'days_input'
  certificate_var: !input 'certificate_input'
  expire_days_var: '{{ ((as_timestamp(states(certificate_var)) - as_timestamp(now())) / 60 / 60 / 24 ) | int }}'
condition:
  condition: template
  value_template: "{{ expire_days_var < days_var }}"
action:
- device_id: !input 'notify_device'
  domain: mobile_app
  type: notify
  title: 'SSL Certificate Expiration'
  message: !input 'device_message'
- event: ssl_certifcate_expiration
  event_data:
    entity: !input 'certificate_input'
    daysleft: '{{ expire_days_var }}'
6 Likes

Nice! how do I import this blueprint?

You have to import it into your home assistant instance by going to configuration -> Blueprints and click on the import blueprint. At the pop up dialog you write the url of this page.

Awesome thanks! I have one other question, how could I add multiple certificates to my home assistant as entities so this blueprint can work in a automation?

The way I programmed it, it doesn’t support multiple certificates, so you need to create an automation for each certificate you want to check.

Thanks for this, it’s actually the first blueprint I’ve imported :yum:

Any chance of adding a repeat alert, just in case it gets missed or swiped away, say once a day (or customisable?)?

Thanks again :slightly_smiling_face:

I am so honored that your first blueprint is mine! :smiley:

This is repeatable, so once the limit of days has been reached, it will start sending everyday at the specified time.

1 Like

I’m kinda new to Home Assistant, but not new to scripting in general, but this is just a time saver; why re-invent the wheel when there’s a perfectly good one here :wink: :grinning:

Thanks for the info, my cert runs out in a few weeks, so I look forward to being plagued until I pull my finger out to update it :rofl:

Excellent! Now how do I modify your blueprint so that the action triggered is to restart my lets encrypt add-on instead of sending a notification to my mobile?

Thanks

I modified the blueprint so that it can support custom actions. I haven’t tried it, so let me know if you got any problems.

Edit or create a new blueprint. Mine is located at this path:
<installdir>/blueprints/automation/bkbilly/certificate-expiration.yaml

blueprint:
  name: Certificate Expiration
  description: 'This automation blueprint notifies when a SSL certificate is about to expire'
  domain: automation
  input:
    certificate_input:
      name: Certificate
      description: The certificate timestamp
      selector:
        entity:
          integration: cert_expiry
    days_input:
      name: Days before
      description: Set how many days before expiration it should start sending notifications
      default: 5
      selector:
        number:
          min: 0
          max: 100
          unit_of_measurement: days
          mode: slider
          step: 1
    time_input:
      name: Time
      description: What time of the day it should check and send the notification?
      default: '15:00'
      selector:
        time:
    target_action:
      name: Action
      description: What should be done, when the timer expires?
      selector:
        action:
trigger:
  platform: time
  at: !input 'time_input'
variables:
  days_var: !input 'days_input'
  certificate_var: !input 'certificate_input'
  expire_days_var: '{{ ((as_timestamp(states(certificate_var)) - as_timestamp(now())) / 60 / 60 / 24 ) | int }}'
condition:
  condition: template
  value_template: "{{ expire_days_var < days_var }}"
action:
- choose:
  default:  !input 'target_action'

Many many thanks!!!

I just had to remove this and it’s working, no more manual renewal for me. :slight_smile:

1 Like

Two feature requests:

  1. Offer option to set an individual notification service (e. g. selecting a device/notification group like ‘notify.all’ to notify more than one device)
  2. Add Certificate Name to notification message (title or message). Currently the message only says “SSL Certificate Expiration - SSL cert is due to expire in XX days”. Well, what if I monitor more than one certificate? Which one is going to expire? The current message won´t tell.

Besides that: GREAT blueprint! Makes things easier :slight_smile:

Interestingly, the integration fails on aliases.

@e-raser
Thank you for the input. I’ve updated the topic to send the friendly name of the certificate to the app.
As for your first request, I don’t think that I will be able to make it work because of how limited the blueprints are. You could take a look on the blueprint I’ve added at my previous post above.

@Viking
I am not sure what you mean by that, but I think that you are talking about the 1st feature request of @e-raser. Let me know if you’ve got another problem.

Final note

If blueprints allow actions to be empty, I will update the blueprint so that you won’t be limited to the mobile app notification. :nerd_face:

1 Like

No, what I mean is that when you generate a Let’s Encrypt certificate, you can add any number of aliases (valid DNS domain names) to it and one and the same certificate can be used to serve all of them. But the HA integration fails if you specify one of the aliases.

Message text now contains “SSL cert Cert Expiry Timestamp”. Maybe make the text configurable so users can set their own text (fix bugs, use own language etc) :slight_smile:

@Viking
I am not sure how to fix this…

@e-raser
I really liked your idea, so I updated the first topic with the option to add a custom text.

Update

This blueprint will trigger an event ssl_certifcate_expiration which can be used on another automation to extend the functionality like so:

alias: New event from SSL Certificate Blueprint
trigger:
  - platform: event
    event_type: ssl_certifcate_expiration
action:
  - service: persistent_notification.create
    data:
      title: '{{ trigger.event.data.entity }}'
      message: 'Days left: {{ trigger.event.data.daysleft }}'
1 Like