My server: Ubuntu 18.04 LTS Apache/2.4.29 (Ubuntu)
Rackspace: shell access
I am following the trail of the certbot cron job
/etc/cron.d/certbot
....
```
# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
I am trying to find a way to identify if there are any renewal failures in the daily cron job
One thing I can do is check the log
/var/log/letsencrypt/letsencrypt.log
for the string 'certbot.renewal:no renewal failures'
But sometimes the letsencrypt log only has items from the following (and does not include the string 'no renewal failures').
I use this command in my daily maintenance routines
certbot certificates > Certs_txt
Since I have 500 domains, this gets big and the debug log gets big.
I changed the letsencrypt log rotation to be daily instead of weekly
I went to GitHub and found this in \certbot\renewal.py:
```
    if renew_failures or parse_failures:
        raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
            len(renew_failures), len(parse_failures)))
    else:
        logger.debug("no renewal failures")
```
**If there are renewal failures, can I search for 'renew failure(s)' in the log to check for errors?**
Another way to ask the question is: does raise errors.Error( write to the log file?
1 renew failure(s), 0 parse failure(s)
What about searching for the string 'All renewal attempts failed' in the log?
Here are some posts that show that string:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/bibidiart.com/fullchain.pem (failure)
*** DRY RUN: simulating 'certbot renew' close to cert expiry*
*** (The test certificates above have not been saved.)*
If there are other ways I could check for renewal errors, please advise.
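
One way to automate the log check asked about above, as an added example that is not part of the original post and not certbot code: a shell function that looks for the three strings quoted in the post and reports FAIL, OK or UNKNOWN. It assumes those strings reach the file being scanned (which of them appear can depend on the certbot version); the function names, the sample log lines and example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example, not certbot code. Assumption: a failed run leaves at least one
# of the failure strings quoted in the post in the file being scanned.

# Prints FAIL, OK or UNKNOWN; on FAIL also prints the "(failure)" cert paths.
# Return status: 0 = OK, 1 = FAIL, 2 = UNKNOWN.
check_renewal_log() {
    log=$1
    [ -r "$log" ] || { echo UNKNOWN; return 2; }
    # Failure markers win: one log file can hold several runs.
    if grep -Eq 'renew failure\(s\)|All renewal attempts failed' "$log"; then
        echo FAIL
        grep -Eo '/[^ ]+\.pem \(failure\)' "$log" | sort -u
        return 1
    fi
    if grep -Fq 'no renewal failures' "$log"; then
        echo OK
        return 0
    fi
    # Neither marker present: do not treat silence as success.
    echo UNKNOWN
    return 2
}

# Constructed sample logs (not real certbot output), written to a temp directory.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/ok.log" <<'EOF'
2019-06-01 03:10:11,120:DEBUG:certbot.renewal:no renewal failures
EOF
    cat > "$dir/fail.log" <<'EOF'
2019-06-02 03:10:11,120:DEBUG:certbot.renewal:no renewal failures
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)
Error: 1 renew failure(s), 0 parse failure(s)
EOF
    cat > "$dir/quiet.log" <<'EOF'
2019-06-03 09:00:00,001:DEBUG:certbot.main:Arguments: []
EOF
    echo "$dir"
}

samples=$(make_samples)
for f in ok fail quiet; do
    printf '%s: ' "$f"
    check_renewal_log "$samples/$f.log" || true
done
rm -rf "$samples"
```

UNKNOWN is kept as its own state because a log without 'no renewal failures' is evidence of neither success nor failure.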