Sensor to show expiry date of SSL certificate

Do have solve this issue? I have the same issue after upgrade to .51

thanks
JP

Seems to work if run from a shellscript.

command: “sh /home/homeassistant/.homeassistant/scripts/ssl_expiry_days.sh”

I have the same problem:

2017-09-01 18:54:09 ERROR (Thread-6) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/MYDOMAIN.duckdns.org/cert.pem | awk { print $NF }

Someone find a solution?

Check this… approach
Let it do automatically without user intervention.

2 Likes

This solution is https protocol?
At the and in my router i need to forward the port 80 to 443 or not?

It use DNS-01 Challenge, don’t need open port 80 or 443.

This simplify the things as explained in the post.

1 Like

Ok, thank you very much leviweb, i have the last question.

Now I have configured the raspberry Pi 3 with Homeassistant, Duckdns and LetsEncrypt. In my router the port 443 in forwarded to port 8123.

For use the ACME.SH I need to delete the port forwarding in my router, install the script and change the line html in configuration.yaml file, am I right.
It’s necessary to uninstall the Lentsencript software or script? If yes haw do this?

For use the ACME.SH I need to delete the port forwarding in my router, install the script and change the line html in configuration.yaml file, am I right.
It’s necessary to uninstall the Lentsencript software or script? If yes haw do this?

You don’t need any port forwarding to setup or use ACME.SH. (Suggest you remove unused port forwarding)
You need reconfigure HA to use cert created by ACME.SH.

ACME.SH replace Certbot or any other Client that issue certs from Let’s Encrypt. So you should (not must) deinstall the others client.

Grate tool. Thank you.

Sounds cool but getting this problem when doing apt-get
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

try: sudo apt-get install ssl-cert-check

duh, of course! Oops! Thank you for that! It is now working :slight_smile:

Kind of…

I have the problem where the sensor does not say any days it just has a dash -

It might only update once every 12 hours

Unfortunately it’s been like that for a few days :frowning:

00:04:59 ERROR (Thread-4) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/BLAHBLAH.duckdns.org/cert.pem | awk { print $NF }

Hey.

i get

Cdture

What i miss here?

run the command via SSH

ssl-cert-check -b -c /etc/letsencrypt/live/yanir.duckdns.org/cert.pem | awk ‘{ print $NF }’

show 90 fine.

now i see the log show

2018-02-17 17:43:32 ERROR (Thread-18) [homeassistant.components.sensor.command_line] Command failed: ssl-cert-check -b -c /etc/letsencrypt/live/yanir.duckdns.org/cert.pem | awk { print $NF }

When on SSH, have you tried to run the command as the same user that’s running Home Assistant? If this fails, there is probably a permissions issue.

Via SSH work fine…

I just upgraded my HASS install on my Mac server and ran into some issues that seem to be prevalent through this thread. As such, I wanted to drop a note for fellow Mac users that might run into the same issues, so that they can save the headaches I ran into. I used this thread and the following doc to make all of this fly, so kudos and thanks to everyone involved.
https://home-assistant.io/docs/ecosystem/certificates/lets_encrypt/

1-) To start, you’ll need the ssl-cert-check script found here: https://github.com/Matty9191/ssl-cert-check

2.) Now you need to give the script the correct permissions to run.

  • To do that on a Mac, best to just do a chmod
  • chmod 755 path to script
  • in my example it looked like this:
    chmod 755 /Users/redacted/ssl-cert-check

3.) Now you can run the script against your certificate.

  • Assuming you are running this against a duckdns and letsencrypt setup, it will look like this:
    ./ssl-cert-check -b -c /etc/letsencrypt/live/redacted.duckdns.org/cert.pem | awk ‘{ print $NF }’
  • That should return a number, which is the number of days left on your cert before it expires.

4.) Now you can setup command line sensors in Home Assistant to run this script to keep an eye on your expiration date.

  • I did it this way and it works well. Thanks to @anon43302295 for this!
    (The formatting won’t work for me here, but I copy and pasted from @anon43302295’s post above.) ** Note the ./ before the script. It will be needed to run the script from the shell command. **

sensor:

  • platform: command_line
    name: SSL cert expiry
    unit_of_measurement: days
    scan_interval: 86400
    command: "./ssl-cert-check -b -c /etc/letsencrypt/live/YOUR-URL.duckdns.org/cert.pem | awk ‘{ print $NF }’ "

5.) Now use the sensor to drive other automations, like renewing your letsencrypt cert.

shell_command: renew_ssl: ~/certbot/certbot-auto renew --quiet --no-self-upgrade --standalone --preferred-challenges http-01

automation:
  - alias: 'Auto Renew SSL Cert'
    trigger:
      platform: numeric_state
      entity_id: sensor.ssl_cert_expiry
      below: 29
    action:
      service: shell_command.renew_ssl

automation:
  - alias: 'SSL expiry notification'
    trigger:
      platform: numeric_state
      entity_id: sensor.ssl_cert_expiry
      below: 21
    action:
      service: notify.[your_notification_preference]
      data:
        message: 'Warning - SSL certificate expires in 21 days and has not been automatically renewed'

Hopefully that helps someone. It took me a few to connect the dots, but now that it is running, it should be set.

5 Likes

Hmm got this working on the command line, and wondered why it wasn’t working in HASS.

Then remembered I’m running in Docker…

So is there a way to expose that command into my docker container???

1 Like