How does Letsencrypt add-on know when to run?

haaahaha · April 27, 2023, 9:00am

Hi,

I just setup the Letsencrypt add-on in HACS. After I start it, it gets the cert and stops. How does it know when to renew the cert before it expires? Or do I have to set up this renewal myself?

Tinkerer · April 27, 2023, 10:02am

No, you didn’t. There’s no add-ons in HACS.

haaahaha · April 27, 2023, 10:25am

Well, I navigate to it from HACS, Add-ons, Go now

zoogara · April 27, 2023, 10:41am

Add-ons are located under Settings, indeed you can get there in 2 clicks instead of doing 3 going the wrong way through HACS…

Anyhow, every time the Let’s Encrypt add-on starts it checks the certs and renews if required. This is usually fine if like me you restart your HA often enough, but otherwise search the forums and you will see examples of automations to renew the certs on a regular basic.

Tinkerer · April 27, 2023, 12:29pm

That link is there for all the people that don’t understand what HACS is, and what it does. It was easier for the HACS dev to do that than try to explain to a constant stream of people that HACS doesn’t have add-ons.

haaahaha · April 28, 2023, 6:42am

Actually it is still quite confusing with the plethora of terms: add-ons, integrations, frontend, services. To a layman like me, they all do the same thing: extend home assistant to provide more features.

Tinkerer · April 28, 2023, 6:46am

There is a glossary.

aceindy · April 28, 2023, 3:26pm

alias: "@Let's encrypt certificate check"
description: Will expire in 3 weeks
trigger:
  - platform: time
    at: "04:00:00"
condition:
  - condition: template
    value_template: >-
      {{ (states('sensor.cert_expiry_timestamp_ha_certificate_my') | as_datetime or
      now()) - timedelta(days=21) < now()}}
action:
  - service: notify.mobile_app_ip12
    data:
      title: Let's Encrypt
      message: >-
        Your Certificate will expire in 3 weeks, trying to renew, please
        verify
  - service: hassio.addon_start
    data:
      addon: core_letsencrypt
mode: single

haaahaha · April 28, 2023, 3:28pm

aceindy:

condition:
  - condition: template
    value_template: >-
      {{ (states('sensor.cert_expiry_timestamp_ha_certificate_my') | as_datetime or
      now()) - timedelta(days=21) < now()}}

Thanks, the condition is helpful, otherwise my HA needs to restart daily

aceindy · April 29, 2023, 6:44am

Note that a certificate renewal does require a restart eventually, as the core needs to reload the certificate (which it only does during a startup).
But, since the certificate is renewed 3 weeks before it expires, it is likely you will restart at some stage during that time

haaahaha · April 29, 2023, 8:15pm

value_template: >-
  {{ (states('sensor.cert_expiry_timestamp_ha_certificate_my') | as_datetime or
  now()) - timedelta(days=21) < now()}}

this seems to always return true for me. Any idea why? Thank you.

aceindy · April 29, 2023, 9:28pm

Use the name of your own sensor.cert_exipiry_timestamp_ha_ ?

haaahaha · April 30, 2023, 2:45am

Got it. Thanks. I had to add an INTEGRATION under SETTINGS first (Not HACS):

Find and add Certificate Expiry, give it the domain to test
On a PC, click on Notifications and press e on the keyboard
Search for sensor.cert_expiry to find the exact key to use

haaahaha · April 30, 2023, 2:54am

GOODNESS… I just realized that HACS has Integrations, which is completely different from Integrations under Devices & Services… no wonder people are confused.