Sensor to show expiry date of SSL certificate

Wow, thanks a lot. Yeah, I followed Ben’s tutorials setting HA up. I guess I will have to wait a little while till the certificate can actually be renewed before I give this a shot.

1 Like

Very nice, thanks!

Hmmm, for some reason my sensor value is “7 31”? My 90 days should be reached in about a week or 3.

Read some of the earlier posts here

1 Like

Hi, you have the same issue as @berniebl earlier in the thread. Change the tail -c value to 38.

This will lose the 7 and give you your expiry days left, in your case 31.

Hope this helps.

Thanks, I read too fast. At a glance I thought that the discussion was over auto updating only. My apologies.
Fixed now by changing to 38 indeed :slight_smile:

1 Like

Thanks @anon43302295. Here’s a slight variation using awk instead of tail to pull the value, for me the tail method added some unneeded whitespace.

ssl-cert-check -b -c /etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem | awk '{ print $NF }'

Cheers

3 Likes

Ah. So every time I’ve renewed, I made it so that outside port 443 pointed to 443 on my pi (rather than the usual 8123). Is certbot OK with leaving outside 443 pointed to inside 8123? I thought that certbot expected an incoming communication on (the pi’s) 443 as part of its renewal process.

That’s why I hadn’t ever considered setting up an auto-renewal, because I’d also have to figure out a way to alter ports on my router.

From what I can tell it is an either/or deal with 80 or 443, so as long as it can communicate in and out on 80 it will issue the certificate, so you don’t need to change it.

Certainly working that way for me.

Let us know your experiences, I find a lot of these things are trial and error :thumbsup:

@xstrex That’s a nice touch, thanks for the input :sunglasses:

In case you don’t want or can’t apt-get, the script can be fetched here:

2 Likes

@diplix , awesome :smile:

Thanks :thumbsup:

You don’t need to run the auto-renew like that; just add it as a weekly cron job and it will only renew certificates that are close to expiry, it’s the entire point of Let’s Encrypt.

Went to try and install this, shows mirror.umd.edu timing out. Can’t get it to install.

Thanks @anon43302295 this is great! A “small” sensor that helps A LOT!
And also thanks @xstrex, just one question with the 1st method I’m getting just the number;

But with your method I’m getting the word “days” followed by some dashes and after that the number,
---------------------->
so do you know how can I “clean” the sensor’s answer to get just the number?

@justin8 but in order to run the auto-renew in a cron job, do we need to have port 80 permanently opened/forwarded to HA, right?

Thanks

I know it can be done with cron, but what’s wrong with doing it using HA automation? Please enlighten me. Thanks.

@oliverhg1 - Hi, when you used the refined code provided by @xstrex did you include the extra switch -b?

ssl-cert-check -b -c /etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem | awk '{ print $NF }'

@anon43302295 is right, looks like you’re missing the -b. One way to test it would be to run it directly from the command line; it should only output a number (no dashes, or odd characters).

@anon43302295 & @xstrex :disappointed: I’m really sorry, usually I try to check several times before posting, but it was probably really late for me yesterday and I didn’t check correctly.

You were absolutely right, I was missing the “-b”, thanks for the help again
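
An added example, not part of any post in this thread: a shell filter that pulls only the days-left number from ssl-cert-check output, with or without -b, instead of relying on a byte count for tail -c or on every line's last field. The function names and the sample output are constructed here; the column layout is assumed from what the posts above describe (a "Days" header, a dashed separator, then the value).

```shell
#!/bin/sh
# Added example: print only the "days left" number from ssl-cert-check
# output read on stdin, whether or not -b (no header) was passed.
# Intended use: ssl-cert-check -c /path/to/cert.pem | days_left

# Keep the final field of the last line whose final field is an integer.
# The header line ends in "Days" and the separator ends in "----", so
# neither can leak into the sensor value. A leading minus sign is accepted
# as an assumption, in case an expired certificate is reported that way.
days_left() {
    awk '
        $NF ~ /^-?[0-9]+$/ { days = $NF; found = 1 }
        END {
            if (!found) exit 1   # nothing numeric: fail instead of printing junk
            print days
        }
    '
}

# Constructed sample: output without -b (header and separator present).
sample_full() {
    cat <<'EOF'
Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
FILE:/etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem Valid        Jul 31 2017  31
EOF
}

# Constructed sample: output with -b (data line only).
sample_brief() {
    echo 'FILE:/etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem Valid        Jul 31 2017  31'
}

# Constructed sample: header and separator only, no data line.
sample_no_data() {
    printf 'Host Status Expires Days\n---- ---- ---- ----\n'
}
```

Because the filter exits non-zero when no numeric field is found, a missing or unreadable certificate shows up as a failed command rather than as a stray word in the sensor state.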

Hi, I’ve just set the sensor up but I’m getting a “command failed” error in the home-assistant.log:

ERROR (Thread-9) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/rollo-home.duckdns.org/cert.pem | awk '{ print $NF }'

When I sudo to the homeassistant user (that is used to run HA) using:

sudo su -s /bin/bash homeassistant
source /srv/homeassistant/bin/activate

and run the command from command line:

ssl-cert-check -b -c /etc/letsencrypt/live/rollo-home.duckdns.org/cert.pem | awk '{ print $NF }'

it correctly displays the remaining days

Could the error in the log be caused by the fact that the homeassistant user has /bin/false set as shell in /etc/passwd?

Thanks
T.