New SSL certificate automatically reloaded

I am using multiple installations with Let's Encrypt SSL certificates. It is very nice that these are automatically renewed 30 days before expiry. However, if you do not restart your HA installation during this time, you still have a problem. It would be nice if the certificate were automatically reloaded after successful renewal. Automatic restarting of HA is less preferred since this can always happen at a bad time.

If you use a reverse proxy and add the cert that way, you can just restart the proxy and that will do so without any HA downtime. For me Caddy restarts are <0.5 seconds.

@callifo thanks for the hint. I guess I could indeed add nginx via the addon, although there is not much to proxy. Do you see any possibility to automate the reloading of nginx this way? This should not be a manual action :wink:

BTW: I could not find the Caddy addon

I use HA Core, so I don't use addons; I imagine nginx works the same sort of way though. Doing a quick google, it did show there was an unofficial addon available in this forum though.

If you use the DNS challenge with Caddy, it fully handles the recert process automatically; it's transparent to the user. As I cannot do that with mine (my domain provider does not support it), I just use a cronjob, and the Let's Encrypt daemon handles the reload on cert update.

It would be great if it automatically reloaded the key files once a day to load the latest certificate.

Node-RED has this function already.

    /** If the `https` setting is a function, the following setting can be used
     * to set how often, in hours, the function will be called. That can be used
     * to refresh any certificates.
     */
    httpsRefreshInterval : 24,

A possible solution: