Sensor for getting certification expiry in days: Problem with bash script

Hi,

I managed to secure my HA installation with SSL. Now I’d like to add a sensor reporting the number of days until the certificate expires. I’m on TrueNAS-12.0-U2.

I managed to come up with a command which, if executed on the jail’s shell, prints the number of days:

certbot certificates 2>/dev/null | awk '/VALID:/{print $0 }' | sed 's/.*VALID: \(.*\) days.*/\1/'

I have then wrapped that command into a bash script, added permission for execution (chmod +x myscript) and made homeassistant the owner (chown homeassistant:homeassistant myscript). The script:

#!/usr/bin/bash

certbot certificates 2>/dev/null | awk '/VALID:/{print $0 }' | sed 's/.*VALID: \(.*\) days.*/\1/'

If I enter the jail’s shell and run the script, everything works as desired:

root@HomeAssistant:~ # bash /home/homeassistant/myscript
89
root@HomeAssistant:~ #

However, if I add a corresponding sensor like this, the reported number is 0:

sensor:
  - platform: command_line
    name: SSL cert expiry
    unit_of_measurement: days
    scan_interval: 3600
    command: "bash /home/homeassistant/myscript"

What really confuses me is that if I change user on the shell, the command’s output is empty:

root@HomeAssistant:~ # su homeassistant
[homeassistant@HomeAssistant /root]$ cd
[homeassistant@HomeAssistant ~]$ bash /home/homeassistant/myscript
[homeassistant@HomeAssistant ~]$

I’m not exactly a Linux guy, so maybe somebody can help me out here?

Thanks in advance
Christian

Can’t you just use the certificate expiry integration?

I didn’t know about that integration (probably best practice for home assistant: always check for integrations first :) )

However, it doesn’t work - when trying to add the integration, the check fails: “Timeout when connecting to this host”. As host, I’m using the URL of my home assistant instance (i.e., foo.duckdns.org with port 443), which works fine from the browser without port: https://foo.duckdns.org

I would also prefer to understand why my above approach is not working, since this appears to be a very powerful way of adding all kinds of sensors I might use in the future…

For the record: turned out that certbot tried to write to /var/log/letsencrypt, for which root had permission, but homeassistant does not. The resulting error message was consumed by the 2>/dev/null redirection.

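The failure mode from the last post, as an added example that is not part of the original thread: a wrapper that keeps certbot's stderr and exit status instead of sending them to /dev/null, so a permission error under the homeassistant user surfaces as an error rather than an empty value. The `fake_certbot_*` functions and their output lines are constructed stand-ins so the script runs without certbot.

```shell
#!/bin/sh
# Added example: print the days until certificate expiry, but fail loudly
# when the listing command fails or its output has no "VALID: N days" line.

# Usage: cert_days_left <command> [args...]   e.g. cert_days_left certbot certificates
# Prints the day count on stdout. Returns 1 if the command failed,
# 2 if no day count could be parsed, 3 if no temp file could be created.
cert_days_left() {
    errfile=$(mktemp) || return 3
    rc=0
    # Capture stderr in a file instead of discarding it.
    out=$("$@" 2>"$errfile") || rc=$?
    err=$(cat "$errfile")
    rm -f "$errfile"
    if [ "$rc" -ne 0 ]; then
        echo "'$*' failed (exit $rc) as user $(id -un): $err" >&2
        return 1
    fi
    days=$(printf '%s\n' "$out" |
        sed -n 's/.*VALID: \([0-9][0-9]*\) days.*/\1/p' | head -n 1)
    if [ -z "$days" ]; then
        echo "no 'VALID: N days' line in output of '$*'; stderr: $err" >&2
        return 2
    fi
    printf '%s\n' "$days"
}

# Constructed stand-in: a successful listing as root would see it.
fake_certbot_ok() {
    echo "  Certificate Name: foo.duckdns.org"
    echo "    Expiry Date: 2021-06-10 10:00:00+00:00 (VALID: 89 days)"
}

# Constructed stand-in: the unprivileged user cannot write the log directory.
fake_certbot_denied() {
    echo "Permission denied: /var/log/letsencrypt" >&2
    return 1
}

# Demo with the stand-ins; the real call is: cert_days_left certbot certificates
cert_days_left fake_certbot_ok
cert_days_left fake_certbot_denied || echo "sensor script exit code: $?"
```

Running the real call as the service account (`su homeassistant` first, as in the thread) shows the same message the sensor would otherwise hide.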