Certificate Expiry Integration problem

Lolothejeeper · December 26, 2020, 4:45am

Hi Everybody,
I’m trying to set the cert_expiry integration to know how many days are left till my cert renewal but I get this error

Config import failed for MYDOMAIN.duckdns.org
11:27:15 PM – Certificate Expiry (ERROR)

Here’s the configuration.yaml part for the integration :

sensor:
  - platform: cert_expiry
    host: MYDOMAIN.duckdns.org
    port: 443

I am able to check the SSL certification using https://www.sslshopper.com/ssl-checker.html without problem.

I’m lost ! Could you help me please ?

Thank you

tom_l · December 26, 2020, 4:57am

Try deleting the yaml configuration, restart, then set it up using the configuration / Integrations UI.

Lolothejeeper · December 26, 2020, 3:43pm

I tried but with the integration, I have this error message :

Timeout when connecting to this host

Lolothejeeper · December 27, 2020, 4:45am

Any idea of what I could test of try ?
Is there a way I could create a sensor from DuckDNS add-on to get this information ?

Lolothejeeper · January 2, 2021, 10:12pm

Hi there !
I received a mail from Let’s Encrypt to tell me that my certificate was to expire on January the 11th.
This was for the certificate I created on the Rapsberry 3 I used before the Rasp 4 I use now and on which I have this problem.
The domain names are the same but the certificates on the Rasp 4 expire in March.
Could it be the cause of the problem ?
Thank you !

j3tang · March 20, 2021, 4:27pm

Not sure if you found your solution, but it seems I have similar problem:

I can connect to my HA from internal and external network. I used the checker linked above and was able to get relevant info. However, when I setup the cert expiry integration I am given the same error message as above, “timeout when connecting to this host”.

I dont have the other issue with multiple RPi’s; this is the only one running HA.

Lolothejeeper · March 20, 2021, 4:55pm

No. I did not find a solution. After reading a lot on this subject, il looks like my router can’t make hairpin Nat. The duckdns add-on is able to renew the certificate timely though. So I don’t really need this sensor anymore But it would be cool to have it working ! If you find something, please post it !

alexhk90 · February 21, 2023, 11:06pm

I had the same issue and the only way I found to fix it was to set up Local DNS (e.g. using Pihole, though many routers have a similar feature) to point from the domain to my Home Assistant IP address on the LAN.

matticas · July 18, 2023, 10:36pm

Hi Alex;
I already have this exact set up; Pi-Hole re-directs my URL back to the server machine’s internal IP.

HA runs on a docker inside that server.

Still can’t get it to work. Any other settings you had?

I have external URL & HA port (8123).

ta

alexhk90 · July 19, 2023, 8:47pm

That sounds a bit different to my set up as I have my HA running in a VM (HAOS) on the same server that has my Pihole running in another VM, but to answer your question all I did was to add the domain on the certificate to point to the local IP of HA under “Local DNS” - “DNS Records” in Pihole (which is the DNS server used by HA).

matticas · July 19, 2023, 11:17pm

Found the issue for anyone reading in the future;

My Docker Containers (all of them) aren’t actually directing to my PiHole - thus not getting my DNS redirect of my external URL (to my internal server IP).

I need to correct the Docker Static IP’s and point the HA Container DNS setting to the PiHole Container.