Homeassistant Blueprint for SSL-Certificate renewal

renew_ssl_cert.yaml

---
blueprint:
  name: Renew Let's Encrypt Certificate
  description: Renew Certificate when due date is below given value
  domain: automation
  input:
    cert_expiry_sensor:
      name: Certificate Expiry Sensor
      description: "Sensor from the Certificate Expiry Integration (https://www.home-assistant.io/integrations/cert_expiry)"
      selector:
        entity:
          filter:
            - integration: cert_expiry
    renew_date:
      name: Certificate renewal date
      description: Date when the SSL-Certificate will be renewed
      selector:
        number:
          min: 1
          max: 29
          mode: slider
          unit_of_measurement: days
      default: 5
    time_to_check_cert:
      name: Certificate check time
      description: Time when the certificate date will be checked.
      selector:
        time:
    restart_nginx_after_renewal:
      name: Restart Nginx
      description: Restarts Nginx when the certificate is renewed. (if enabled)
      selector:
        boolean:
      default: true
    minutes_until_nginx_restart:
      name: Minutes until restart
      description: Minutes until restart of Nginx if restart is enabled
      selector:
        number:
          min: 1
          max: 60
          mode: slider
          unit_of_measurement: minutes
      default: 1
    restart_mosquitto_after_renewal:
      name: Restart Mosquitto
      description: Restarts Mosquitto when the certificate is renewed. (if enabled)
      selector:
        boolean:
      default: false
    minutes_until_mosquitto_restart:
      name: Minutes until restart
      description: Minutes until restart of Mosquitto if restart is enabled
      selector:
        number:
          min: 1
          max: 60
          mode: slider
          unit_of_measurement: minutes
      default: 1
    reboot_hassio_after_renewal:
      name: Reboot HassIO (reboot system)
      description: Reboots the system (HAOS) when the certificate is renewed. (if
        enabled)
      selector:
        boolean:
      default: false
    restart_ha_after_renewal:
      name: Restart Home Assistant
      description: Restarts the Home Assistant when the certificate is renewed. (if
        enabled)
      selector:
        boolean:
      default: false
    minutes_until_ha_restart:
      name: Minutes until restart or reboot
      description: "Minutes until restart/reboot of Home Assistant/HASSIO if restart/reboot is enabled"
      selector:
        number:
          min: 1
          max: 60
          mode: slider
          unit_of_measurement: minutes
      default: 5
    send_notification:
      name: Send notification
      description: Sends a notification to a device if enabled
      selector:
        boolean:
      default: false
    notification_device:
      name: Device to notify
      description: Device which will be notified.
      selector:
        device:
          filter:
            - integration: mobile_app
      default: None
    notification_title:
      name: Notification title
      description: Title for notification, sent when the certificate has been renewed.
      default: SSL certificate renewed
    notification_message:
      name: Notification message
      description: Notification message, sent when the certificate has been renewed.
      default: HA SSL certificate renewed
alias: Renew SSL Cert
description: 'Renew SSL Certificate, optionnaly: restart HA, restart NGINX, send notification'
triggers:
  - trigger: time
    at: !input time_to_check_cert
condition:
  - condition: template
    value_template: '{{ expire_days_var < var_check }}'
actions:
  - action: hassio.addon_start
    data:
      addon: core_letsencrypt
  - choose:
      - conditions:
          - condition: template
            value_template: '{{ send_notification_var }}'
        sequence:
          - device_id: !input notification_device
            domain: mobile_app
            type: notify
            title: '{{ message_title_var }}'
            message: '{{ message_var }}'
    default: []
  - choose:
      - conditions:
          - condition: template
            value_template: '{{ restart_nginx_after_renewal_var }}'
        sequence:
          - delay:
              hours: 0
              minutes: !input minutes_until_nginx_restart
              seconds: 0
              milliseconds: 0
          - action: hassio.addon_restart
            data:
              addon: core_nginx_proxy
    default: []
  - choose:
      - conditions:
          - condition: template
            value_template: '{{ restart_mosquitto_after_renewal_var }}'
        sequence:
          - delay:
              hours: 0
              minutes: !input minutes_until_mosquitto_restart
              seconds: 0
              milliseconds: 0
          - action: hassio.addon_restart
            data:
              addon: core_mosquitto
    default: []
  - choose:
      - conditions:
          - condition: template
            value_template: '{{ reboot_hassio_after_renewal_var }}'
        sequence:
          - delay:
              hours: 0
              minutes: !input minutes_until_ha_restart
              seconds: 0
              milliseconds: 0
          - action: hassio.host_reboot
    default: []
  - choose:
      - conditions:
          - condition: template
            value_template: '{{ restart_ha_after_renewal_var }}'
        sequence:
          - delay:
              hours: 0
              minutes: !input minutes_until_ha_restart
              seconds: 0
              milliseconds: 0
          - action: homeassistant.restart
    default: []
mode: single
variables:
  certificate_var: !input cert_expiry_sensor
  var_check: !input renew_date
  message_var: !input notification_message
  message_title_var: !input notification_title
  restart_ha_after_renewal_var: !input restart_ha_after_renewal
  reboot_hassio_after_renewal_var: !input reboot_hassio_after_renewal
  restart_mosquitto_after_renewal_var: !input restart_mosquitto_after_renewal
  restart_nginx_after_renewal_var: !input restart_nginx_after_renewal
  send_notification_var: !input send_notification
  expire_days_var: >-
    {{ ((as_timestamp(states(certificate_var), 0) - as_timestamp(now())) / 60 / 60 /
    24 ) | int }}

as_timestamp(states(certificate_var)) should be changed to as_timestamp(states(certificate_var), 0) to add a default value of 0. The state returns unkown if the certificate has already expired, making the script fail.

I'm getting a few SYNTAX_ERRORS. I can fix the simple ones like service,trigger,... but i can't seem to figure out what to do with the following, anyone have a idea?

      selector:
        entity:
          integration: cert_expiry

and

      selector:
        device:
          integration: mobile_app

cert_expiry needs to be a Certificate Expiration sensor, see https://www.home-assistant.io/integrations/cert_expiry

mobile_app needs to be a mobile device with the home assistant app installed, it should show up there then as the Mobile App integration is enabled by defauilt https://www.home-assistant.io/integrations/mobile_app/
It cannot be empty I think, even if you do not enable the notification.

Oh i'm sorry, the blueprint is working fine but i tried changing the error codes in the yaml file. (sorry for the bad explanation)
With the above lines i get an error: String does not match the pattern of "LEGACY_SYNTAX^".

@Pastaloverzzz
I tried to understand your issue, but I can not "decode" it.

• "the error codes in the yaml file": Which yaml file? What error codes? (There are no error codes defined in the yaml files: the blueprint/the automation using the blueprint). I suppose that youa are getting error in your automation, unless you have modified the blueprint and you are getting errors there.
• "above lines": Which lines? The 2x3 lines you highlight from the blueprint?

To find a yaml error for String does not match the pattern of "LEGACY_SYNTAX^" I generally first copy the yaml text to a local editor and save it, then I remove sections using the UI until HA accepts it. I then know which part HA complains about and I fix it.

I get the error when editing your blueprint in the add-on studio code server. I'm not getting errors in home assistant itself, the automation is working great.

I get the error in studio code server on line 12 and 72 of your code.

I just merged one of the forks, and added another reset option (+ the one from the fork).

I think your issue is with the strings containing '/' - I added double quotes for them.

Have you tried editing your file with studio code server?
You get the messages like below:

https://imgur.com/a/3vgJgXc

I found the solution and edited the fork, if you want you can copy it from me: https://gist.github.com/Pastaloverzzz/673cdd5245bf3cf33852a75305fe179c/revisions
solution was simply changing it to:

      selector:
        entity:
          filter:
            - integration: cert_expiry

and

      selector:
        device:
          filter:
            - integration: mobile_app

@Pastaloverzzz Thank you, I've merged your gist into this one.