Today I configured my Let’s Encrypt add-on to restart every night to check my SSL expiration and renew it.
But once the certificate is renewed, HA does not switch to the new certificate unless the HA core is restarted. So, 5 minutes after requesting the add-on restart, I launch this sh script, which checks whether the certificate has been modified. If there is a new certificate, it restarts the HA core and warns me that the SSL certificate has been renewed. This way I avoid unnecessary restarts and only restart when there is a real SSL change. The new certificate is downloaded to the files /ssl/fullchain.pem and /ssl/privkey.pem.
So let’s put in a script that checks the newly downloaded file against a version from the previous day and, if it’s different, reboots the machine. To do this, we put the shell script at:
/homeassistant/shell/reboot_for_new_ssl.sh
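    #!/bin/bash
    # Compare the current certificate with the copy saved on the previous run.
    if cmp -s /ssl/fullchain.pem /config/personal/fullchain_old.pem
    then
        echo "Certificado SSL sin cambios"
        exit 0
    else
        echo "¡Detectado nuevo certificado SSL!"
        # Save the new certificate as the baseline for the next comparison.
        cp -f /ssl/fullchain.pem /config/personal/fullchain_old.pem
        # Non-zero exit code signals that the certificate changed.
        exit 1
    fi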
and add the following to
/homeassistant/configuration.yaml
    ########## Shell command as a service
    shell_command:
      reboot_for_new_ssl: bash /config/shell/reboot_for_new_ssl.sh
Create an empty file at the path:
/homeassistant/personal/fullchain_old.pem
Restart Home Assistant and create the automatic tasks.
We set this to run every day at 4:00:
Very important: reboot_for_new_ssl_flag
Then create the if condition that decides whether or not to restart HA, send alerts, etc…
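
An added example, not the original author's script: with reboot_for_new_ssl.sh as written above, a missing or empty /ssl/fullchain.pem also ends in the else branch and exits 1, the same signal as a renewed certificate. This variant separates the two cases; the return code 2 and the two path arguments are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the original script.
# Usage (assumed): bash reboot_for_new_ssl.sh /ssl/fullchain.pem /config/personal/fullchain_old.pem
#
# check_cert NEW BASELINE
#   returns 0: certificate unchanged
#   returns 1: new certificate detected, baseline updated
#   returns 2: NEW is missing, empty or not PEM; baseline untouched (assumed code)
check_cert() {
    local new="$1" baseline="$2" tmp

    # A failed or half-written renewal must not look like a renewal.
    if [ ! -s "$new" ]; then
        echo "Certificate file missing or empty: $new" >&2
        return 2
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$new" ||
       ! grep -q -- '-----END CERTIFICATE-----' "$new"; then
        echo "Not a complete PEM certificate: $new" >&2
        return 2
    fi

    # cmp -s exits 0 when identical, 1 when different, >1 on error.
    if [ -f "$baseline" ] && cmp -s "$new" "$baseline"; then
        echo "SSL certificate unchanged"
        return 0
    fi

    # Replace the baseline through a temp file so an interrupted copy
    # cannot leave a truncated baseline behind.
    tmp="${baseline}.tmp.$$"
    if ! cp -f "$new" "$tmp" || ! mv -f "$tmp" "$baseline"; then
        rm -f "$tmp"
        echo "Could not update baseline: $baseline" >&2
        return 2
    fi
    echo "New SSL certificate detected"
    return 1
}

# Run the check only when both paths are passed on the command line.
if [ "$#" -eq 2 ]; then
    check_cert "$1" "$2"
    exit $?
fi
```

With this variant, the automation restarts HA only on return code 1 and can send an alert on 2.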