ACME client renewal cronjob - any logs?



  • How to prove if it ran successfully? Couldn't find any log entries related to the client renewal cron. Neither in the system logs, nor in /tmp/acme.
    I'd check if this really runs as expected - certs expire in 90 days, but I really think I shouldn't need to wait that much time to confirm that the cron job actually does something.


  • Rebel Alliance Developer Netgate

    If it renews, the date in the certificate list will be current.

    The log should be in /tmp/acme/<certname>/acme_issuecert.log if you want to check the status of the last run</certname>



  • I know that. I meant the output of the cron command```
    /usr/local/pkg/acme/acme_command.sh "renewall"


  • Rebel Alliance Developer Netgate

    Cron output doesn't get logged unless a script manually makes log entries. Hence checking the other logs to see if the script actually updated the certs.



  • You don't get it….

    What other logs to chek? There's no entry anywhere in any log, unless the renewal number of days has been reached. Since this is next due 3 months later, I don't think that it's an unusual expectation that somebody really wants to be sure that the cron job really does its job.

    If I run that command in the web-based command prompt, I get this straight in the webpage after the run:

    Checking if renewal is needed for: mydomain
    Renewal number of days not yet reached.
    

    Can't the script echo these in the system logs too? It's really not such a big deal, +2 more lines a day.


  • Rebel Alliance Developer Netgate

    I get it fine, at the moment that's the only way to know so that's the workaround.

    It could log those to the main system log, open up a feature request on redmine under pfSense-packages set for ACME and I'll have a look next time I'm in the code.