Last time updated?

Gertjan

Yep, inspect the certificate. It has a start and end date.
Or have a look here : Services => Acme => Certificates
Or have a look in the logs ... a line will mention the execution of the cron job.

Btw "Certificate renewal after" : you set the delay in days for the renewal.

chudak

@gertjan said in Last time updated?:

Yep, inspect the certificate. It has a start and end date.
Or have a look here : Services => Acme => Certificates
Or have a look in the logs ... a line will mention the execution of the cron job.

Btw "Certificate renewal after" : you set the delay in days for the renewal.

I did all of that. The only one that seems to be what i want is "...in the logs ... a line will mention the execution of the cron job"

So far I have not seen it. Will check again tomorrow after expected run time

chudak

@gertjan

Do you know where are frontal logs located for pfsense ?

Thx

Gertjan

@chudak said in Last time updated?:

Last time updated?

I would say : 21-01-2019 10:21.

And what are frontal logs ?

chudak

@gertjan I don't think this is time stamp for last time it ran, it's last time CA was renewed.

@jimp I wonder if it's possible and easy to show when last time Acme checked (e.g. cron ran) on the UI ?

jimp

The last time the cron ran will always be the previous night at 3:16 am or whenever the job is set to.

The latest version of the ACME package logs that to the main system log. Adding it in the cert list GUI would be a hassle and not worth the effort.

chudak

@jimp

Yes I saw update message, but could not find any traces.
Pls tell how you see it ?

jimp

Status > System Logs, search for ACME

chudak

@jimp

I have Cron Entry enabled
I see in Cron UI

16	3	*	*	*	root	/usr/local/pkg/acme/acme_command.sh "renewall" | /usr/bin/logger -t ACME 2>&1

I have NAT/WF rule on schedule

Mon - Sun 3:15 3:30

I check via Status > System Logs > General and filter Message for ACME
... and I see no traces of ACME executed in time range

PS: Manually running ACME works fine

You see something wrong with these steps ?

jimp

When did you last update the ACME package? I just put out the update with the log entry for cron in the last couple days. If you updated today, for example, you'd have no log entries for it yet.

Also if your system log is especially busy, it may not go back far enough to show log entries from then.

chudak

@jimp

I am running ACME version 0.5.3.

Is it good ?

And cron says:

| /usr/bin/logger -t ACME 2>&1

and here see my log https://snag.gy/auomlf.jpg

Maybe it will show up tomorrow ?

jimp

It might, but like I said, if your log is very busy it may have scrolled off before you checked.

chudak

@jimp

that's an interesting point.

But if you look at my log as above, you see ALL entries for 1/25/19, don't you? Where would it be ?

Still consider show on the UI. I bet you majority of people would love that :)

jimp

The earliest it shows is 7:42 AM, the log entry would have been from 3:16 AM. It might have already fallen off the start of the circular log.

chudak

@jimp

how ?

next you see

Jan 25 07:40:03	php-fpm		/acme/acme_certificates_edit.php: Beginning configuration backup to .https://acb.netgate.com/save
Jan 24 20:44:33	php		/usr/local/pkg/acme/acme_command.sh: End of configuration backup to https://acb.netgate.com/save (success).

the day before yesterday, no ?

jimp

Ah, sorry, I hate reverse logs, my brain always sees top=oldest.

Try searching with ACME in the process field, not the message.

chudak

@jimp

That's it !

Jan 25 03:16:00	ACME		Renewal number of days not yet reached.
Jan 25 03:16:00	ACME		Checking if renewal is needed for: YYY
Jan 25 03:16:00	ACME		Renewal number of days not yet reached.
Jan 25 03:16:00	ACME		Checking if renewal is needed for: XXX

Thank you!

Still consider !!!

chudak

@jimp

I also wanted to mention that after being using ACME for several days I say that you deserved kudos and thank you's for maintaining its code ....

Gertjan

Didn't had a look myself yet .... but it's there : exactly at 03h16 minutes sharp :

2019-01-25 03:15:54	Cron.Info	192.168.1.1	Jan 25 03:16:00 /usr/sbin/cron[87247]: (root) CMD (/usr/local/pkg/acme/acme_command.sh "renewall" | /usr/bin/logger -t ACME 2>&1)
2019-01-25 03:15:55	User.Notice	192.168.1.1	Jan 25 03:16:00 ACME: Checking if renewal is needed for: V2_brit-hotel-fumel.net
2019-01-25 03:15:55	User.Notice	192.168.1.1	Jan 25 03:16:00 ACME: Renewal number of days not yet reached.

Btw : using an external syslogger.

edit : grepping using the magic word ( = ACME) nailed it in a split second.

chudak

@jimp

Just wondering when I see in logs those entries ("Renewal number of days not yet reached"), can I assume that NAT/FW rule for port forwarding was used and worked successfully?