Unfortunately it’s been like that for a few days 
00:04:59 ERROR (Thread-4) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/BLAHBLAH.duckdns.org/cert.pem | awk { print $NF }
Hey.
i get
What i miss here?
run the command via SSH
ssl-cert-check -b -c /etc/letsencrypt/live/yanir.duckdns.org/cert.pem | awk ‘{ print $NF }’
show 90 fine.
now i see the log show
2018-02-17 17:43:32 ERROR (Thread-18) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/yanir.duckdns.org/cert.pem | awk { print $NF }
When on SSH, have you tried to run the command as the same user that’s running Home Assistant? If this fails, there is probably a permissions issue.
Via SSH work fine…
I just upgraded my HASS install on my Mac server and ran into some issues that seem to be prevalent through this thread. As such, I wanted to drop a note for fellow Mac users that might run into the same issues, so that they can save the headaches I ran into. I used this thread and the following doc to make all of this fly, so kudos and thanks to everyone involved.
https://home-assistant.io/docs/ecosystem/certificates/lets_encrypt/
1-) To start, you’ll need the ssl-cert-check script found here: https://github.com/Matty9191/ssl-cert-check
- To do that on a Mac, best to use wget
- wget https://raw.githubusercontent.com/Matty9191/ssl-cert-check/master/ssl-cert-check
- That will save this to your users home folder (assuming that is where you were when you ran the wget.)
2.) Now you need to give the script the correct permissions to run.
- To do that on a Mac, best to just do a chmod
- chmod 755 path to script
- in my example it looked like this:
chmod 755 /Users/redacted/ssl-cert-check
3.) Now you can run the script against your certificate.
- Assuming you are running this against a duckdns and letsencrypt setup, it will look like this:
./ssl-cert-check -b -c /etc/letsencrypt/live/redacted.duckdns.org/cert.pem | awk ‘{ print $NF }’ - That should return a number, which is the number of days left on your cert before it expires.
4.) Now you can setup command line sensors in Home Assistant to run this script to keep an eye on your expiration date.
- I did it this way and it works well. Thanks to @anon43302295 for this!
(The formatting won’t work for me here, but I copy and pasted from @anon43302295’s post above.) ** Note the ./ before the script. It will be needed to run the script from the shell command. **
sensor:
- platform: command_line
name: SSL cert expiry
unit_of_measurement: days
scan_interval: 86400
command: "./ssl-cert-check -b -c /etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem | awk ‘{ print $NF }’ "
5.) Now use the sensor to drive other automations, like renewing your letsencrypt cert.
shell_command: renew_ssl: ~/certbot/certbot-auto renew --quiet --no-self-upgrade --standalone --preferred-challenges http-01
automation:
- alias: 'Auto Renew SSL Cert'
trigger:
platform: numeric_state
entity_id: sensor.ssl_cert_expiry
below: 29
action:
service: shell_command.renew_ssl
automation:
- alias: 'SSL expiry notification'
trigger:
platform: numeric_state
entity_id: sensor.ssl_cert_expiry
below: 21
action:
service: notify.[your_notification_preference]
data:
message: 'Warning - SSL certificate expires in 21 days and has not been automatically renewed'
Hopefully that helps someone. It took me a few to connect the dots, but now that it is running, it should be set.
5 Likes
Hmm got this working on the command line, and wondered why it wasn’t working in HASS.
Then remembered I’m running in Docker…
So is there a way to expose that command into my docker container???
1 Like
Although that does sort of go against the point of docker 
I would have to read it again and I will, but will Acme renew the certificate automatically. Just checked crontab -l after Acme installation and it shows:
56 0 * * * “/home/homeassistant/.acme.sh”/acme.sh --cron --home “/home/homeassistant/.acme.sh” > /dev/null
It sure is much easier than using certbot - especially if auto renewal is included.
Thanks!
check the solution one post above yours solution, just put the ssl check script in the homeassistant config folder.
Thank you.
Ive installed the ssl-cert-check in homeassistant home folder, modified its permissions and modified the sensor to let it run in my configuration and give me “-days”
sersors.yaml:
- platform: command_line
command: /home/homeassistant/ssl-cert-check -b -c /home/homeassistant/.acme.sh/YOURNAME.duckdns.org/YOURNAME.duckdns.org.cer | awk '{print -$6}'
name: SSL
scan_interval: 43200
unit_of_measurement: days
problem is with the builtin one, if you restart HA at any time it says unavailable. I think it only checks every 12 hours.
SSL Certificate Expiry
2 days ago
Unknown
via SSH work fine
For anyone looking for a easier method to keep the SSL cert valid, just run:
apt-get install certbot
systemctl enable certbot.timer
systemctl start certbot.timer
This will use the auto-update system defined by Let’s Encrypt itself.
3 Likes
I’m not experiencing that, if I restart it shows it immediately.
Is it possible to use the build in component with the URL: https://xxx.com:789/?src=connect
I have tried
host: xxx.com
port: 789
Since I switched to Caddy it’s working immediately here as well but with the standard LetsEncrypt addin it was a 12 hour wait to see the sensor expiry.
Same problem! Did you solve the problem?
I think is a user permission problem.
LS -la command show me “ssl-cert-check” file have a root:root permission, i think need change with “homeassistant” user.
To fix the delayed update after a system restart, I use an automation that runs 15 seconds after hass startup and calls the homeassistant.update_entity service for the sensor.ssl_certificate_expiry. This way it updates without the 12 wait.
1 Like