ACME client renewal cronjob - any logs?
How to prove if it ran successfully? Couldn't find any log entries related to the client renewal cron. Neither in the system logs, nor in /tmp/acme.
I'd check if this really runs as expected - certs expire in 90 days, but I really think I shouldn't need to wait that much time to confirm that the cron job actually does something.
If it renews, the date in the certificate list will be current.
The log should be in /tmp/acme/<certname>/acme_issuecert.log if you want to check the status of the last run</certname>
I know that. I meant the output of the cron command```
Cron output doesn't get logged unless a script manually makes log entries. Hence checking the other logs to see if the script actually updated the certs.
You don't get it….
What other logs to chek? There's no entry anywhere in any log, unless the renewal number of days has been reached. Since this is next due 3 months later, I don't think that it's an unusual expectation that somebody really wants to be sure that the cron job really does its job.
If I run that command in the web-based command prompt, I get this straight in the webpage after the run:
Checking if renewal is needed for: mydomain Renewal number of days not yet reached.
Can't the script echo these in the system logs too? It's really not such a big deal, +2 more lines a day.
I get it fine, at the moment that's the only way to know so that's the workaround.
It could log those to the main system log, open up a feature request on redmine under pfSense-packages set for ACME and I'll have a look next time I'm in the code.
Done, thanks: https://redmine.pfsense.org/issues/8211