Netgate Discussion Forum

    ACME client renewal cronjob - any logs?

      robi

      How to prove if it ran successfully? Couldn't find any log entries related to the client renewal cron. Neither in the system logs, nor in /tmp/acme.
      I'd check if this really runs as expected - certs expire in 90 days, but I really think I shouldn't need to wait that much time to confirm that the cron job actually does something.

        jimp Rebel Alliance Developer Netgate

        If it renews, the date in the certificate list will be current.

        The log should be in /tmp/acme/<certname>/acme_issuecert.log if you want to check the status of the last run.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          robi

          I know that. I meant the output of the cron command:

          ```
          /usr/local/pkg/acme/acme_command.sh "renewall"
          ```

            jimp Rebel Alliance Developer Netgate

            Cron output doesn't get logged unless a script manually makes log entries. Hence checking the other logs to see if the script actually updated the certs.

              robi

              You don't get it….

              What other logs to check? There's no entry anywhere in any log, unless the renewal number of days has been reached. Since this is next due 3 months later, I don't think that it's an unusual expectation that somebody really wants to be sure that the cron job really does its job.

              If I run that command in the web-based command prompt, I get this straight in the webpage after the run:

              ```
              Checking if renewal is needed for: mydomain
              Renewal number of days not yet reached.
              ```

              Can't the script echo these in the system logs too? It's really not such a big deal, +2 more lines a day.

                jimp Rebel Alliance Developer Netgate

                I get it fine, at the moment that's the only way to know so that's the workaround.

                It could log those to the main system log, open up a feature request on redmine under pfSense-packages set for ACME and I'll have a look next time I'm in the code.

                  robi

                  Done, thanks: https://redmine.pfsense.org/issues/8211

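One way to get the daily trace asked for in this thread, as an added example that is not part of the thread or of the pfSense ACME package: a POSIX sh wrapper that runs a command, copies each output line to syslog with logger(1), and logs the exit status. The tag `acme-renew-cron`, the `LOG_SINK` test override and the wrapper path in the comment are assumptions.

```sh
#!/bin/sh
# Added example, not pfSense ACME package code: make a cron-run command leave
# a syslog trace on every run, including the "nothing to do" case.
# Assumptions: the tag name and the LOG_SINK override are hypothetical.
TAG="${TAG:-acme-renew-cron}"

# log_line PRIORITY MESSAGE
# Sends one message to syslog through logger(1). If LOG_SINK is set, the line
# is appended to that file instead, so the wrapper can be exercised offline.
log_line() {
    if [ -n "${LOG_SINK:-}" ]; then
        printf '%s %s: %s\n' "$1" "$TAG" "$2" >> "$LOG_SINK"
    else
        logger -t "$TAG" -p "$1" -- "$2"
    fi
}

# run_and_log CMD [ARGS...]
# Runs the command, logs its stdout and stderr line by line, then logs and
# returns its exit status so failures are visible too.
run_and_log() {
    out=$(mktemp) || return 1
    rc=0
    "$@" > "$out" 2>&1 || rc=$?
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -n "$line" ]; then
            log_line daemon.info "$line"
        fi
    done < "$out"
    rm -f "$out"
    if [ "$rc" -eq 0 ]; then
        log_line daemon.notice "finished: exit status 0"
    else
        log_line daemon.err "FAILED: exit status $rc"
    fi
    return "$rc"
}

# With arguments, wrap that command. A cron entry would call, for example
# (the wrapper path is a placeholder):
#   /path/to/cron_log_wrap.sh /usr/local/pkg/acme/acme_command.sh "renewall"
if [ "$#" -gt 0 ]; then
    run_and_log "$@"
fi
```

With the wrapper in place, a day with no "finished" or "FAILED" entry under the tag means the cron job itself did not run.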
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.