Instructions for automatic certificate file and successful notification Renewal success tracking and OpenPGP issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://new.isosomppi.fi/iredadmin two website is: https://new.isosomppi.fi/mail so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: isosomppi.fi

I ran this command:

It produced this output:

My web server is (include version): Debian 9 mysql and Postfix and Dovecot email server.

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: virmach.com

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, IredMail, PHP-admin.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot automatic renewal version.

Hey :slight_smile:

What is the best service that I can use to get fully automatic notifications that SSL is automatically renewed? I want to avoid problems this way. I would like to use a free automatic SSL reminder service if you know of a good option.

Thing two: I should be able to sign my OpenPGP key for the Enigmail Thunderbird plugin. I could have signed this myself, but I don't want to sign it myself, because sometimes I also have to send a fully encrypted message to the police and other Finnish government services via email.

Could Let's Encrypt sign my OpenPGP certificate and send it to me?

3: If Let's Encrypt can't sign my OpenPGP key, do you know a company that can verify the OpenPGP key I just created for Kleopatra?

I would most prefer a free CA, but I am also willing to pay.

4. I love the Let's Encrypt service and therefore would like them to certify this for me. I use SSL and TLS certificates issued by Let's Encrypt on each of my servers. I want to convey my thanks to the Let's Encrypt service because they renewed my certificate for free and above all completely automatically and I just enjoy! :slight_smile:

5: I will be forever grateful to those who have made the Let's Encrypt service available to users! :slight_smile: This saves me so much time.

6: Is there any script on Debian 9 Linux that I can run on a server that would send me automatic notifications when Certbot has updated my certificates on my servers?

I also want an automatic notification monitor script that will let me know if something goes wrong with the Certbot Let's Encrypt SSL/TLS automatic renewal.

I would not like external SSL re-tracking services. I want programs on the server that do what I want and send email notifications to my email when needed.

You would need to provide me with detailed installation instructions for these, because I am a new user in the Linux world.

However, for Linux, you can get almost anything between earth and the moon. I'm sure someone will find me just such an automatic monitoring system installation and configuration instructions.

My server has the Postfix and Dovecot mail systems and the IredMail admin email panel.

Thanks

Regards
Matias Isosomppi

1 Like

Facebook and Cloudflare both offer such services for free.

No.

You could write a trivial script to be called on renewal using the --post-hook flag that would email you whatever you wanted. Alternatively, your system cron daemon may be set up to email you output of its jobs.

1 Like
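One way to implement the hook-based notification suggested above, as an added example that is not part of the original thread or of Certbot itself: a cron wrapper around `certbot renew` that mails both failures and successful renewals through the local Postfix `sendmail`. It uses Certbot's `--deploy-hook` (which runs only after a successful renewal) rather than `--post-hook`; the recipient address and the install path are placeholders.

```shell
#!/bin/sh
# Added example: mail the outcome of `certbot renew` via the local sendmail.
# Assumptions: placeholder recipient; Postfix installs /usr/sbin/sendmail.
NOTIFY_TO="${NOTIFY_TO:-admin@example.com}"
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"
CERTBOT="${CERTBOT:-certbot}"

# Map certbot's exit status and the list of renewed names to one state.
classify_run() {            # $1 = exit status, $2 = file of renewed domains
    if [ "$1" -ne 0 ]; then
        echo FAILED
    elif [ -s "$2" ]; then
        echo RENEWED
    else
        echo NOT_DUE
    fi
}

# Build a mail message: headers, blank line, body.
build_message() {           # $1 = state, $2 = exit status, $3 = log, $4 = renewed
    printf 'To: %s\nSubject: [certbot %s] %s exit=%s\n\n' \
        "$NOTIFY_TO" "$1" "$(uname -n)" "$2"
    if [ "$1" = RENEWED ]; then
        printf 'Renewed certificates for:\n'
        cat "$4"
    fi
    printf '\ncertbot output:\n'
    cat "$3"
}

run_renewal() {
    work=$(mktemp -d) || return 1
    log="$work/log"; renewed="$work/renewed"; : > "$renewed"
    status=0
    # certbot exports RENEWED_DOMAINS to the deploy hook, once per renewed cert.
    "$CERTBOT" renew --deploy-hook "echo \"\$RENEWED_DOMAINS\" >> '$renewed'" \
        > "$log" 2>&1 || status=$?
    state=$(classify_run "$status" "$renewed")
    # Stay silent on the common "nothing due yet" runs.
    if [ "$state" != NOT_DUE ]; then
        build_message "$state" "$status" "$log" "$renewed" | "$SENDMAIL" -t
    fi
    rm -rf "$work"
    echo "$state"
}

# Cron entry point: /usr/local/bin/certbot-notify.sh run   (path is an assumption)
if [ "${1:-}" = run ]; then run_renewal; fi
```

Overriding `CERTBOT` and `SENDMAIL` in the environment lets the wrapper be exercised without contacting the CA or sending real mail.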

You could also consider running a monitoring script like Nagios Core, which sends you e-mail notifications about different problems with the configuration or availability of your network services.

This is probably a lot more work to set up because this kind of platform is so configurable and can monitor so many different things and react to them in so many different ways. But there are very nice publicly-available tools if you do want to set up your own monitoring infrastructure, and a lot of organizations self-host this.

@danb35's suggestions are more practical if this single event is the only thing you care about getting notifications for. :slight_smile:

1 Like

In my claim, I said that I do not want an external Let's Encrypt SSL renewal notification and problem tracking service.

I want to install on both my mail servers with Debian, Postfix and Dovecot, IredMail and Roundcube, PHP, mysql.

2: This automated SSL certbot problem tracking system should also be able to notify me if something is going wrong.

3: Also, it should notify me when my SSL / TLS certificate is renewed successfully.

Because I am a new Linux user, could you please give me full instructions according to my requirements for determining this monitoring system on a server? :slight_smile: I can start the setup and configuration as soon as you give me complete and detailed instructions.

1; this automated SSL tracking system must provide me with postfix notifications of any Certbot failure conditions, preferably with a fault code.

2; This SSL tracking system I require must be able to send me renewal success messages to my email at Mail2Alarm@protonmail.com

Notifications must arrive at PrimaryEmailalarm@protonmail.com for the primary server

I ask that you give me really, really install and config of these installs and configuration on my primary and backup on my smtp server.

So I have two smtp servers. My server is installed and configured by a virmach.com technician.

My primary email server hostname is: mail.isosomppi.fi

My Secondary email hostname is: mail2.backupemailserver.fi

Thanks! :slight_smile:

Although someone might choose to help out with this, I think detailed instructions for setting up monitoring are beyond the scope of this forum. The forum is mainly intended for questions about Let's Encrypt's services themselves, and how to get them to work in a particular environment.

You might want to ask on a system administration forum, or look for some tutorials about Nagios.

Well, this is part of Let's Encrypt.

Imagine what would happen if Certbot didn’t work and my certificate wasn’t renewed?

My site would shut down and no email user would log in.

In addition, the mail server will stop sending and receiving messages if SSL does not automatically renew.

I don't know how to implement this automatic monitoring system myself and I don't have much idea how I should even do this.

I don’t think things need to be made difficult and we certainly won’t get banners from this forum if someone would help me.

It only irritates me if this becomes a difficult issue now and I have to browse all over the internet and still no instructions are found.

Right, but this would happen if any part of your infrastructure or software stack failed, like if your data center had a power outage or your web server application received a broken software update or something.

The Let's Encrypt CA will automatically send you an e-mail at the configured address associated with your ACME account if a certificate has not been renewed in time. That is a means by which Let's Encrypt tries to help people from forgetting to renew and draw their attention to broken automated renewal.

Alternatively, there are lots of third-party monitoring services that are available free of charge. And there are a number of free and open source tools to help you monitor your own sites, but they require some effort to configure.

You can also use log-analysis tools of various kinds to notify you about anomalies.

In my opinion, an unexpected failure of a Certbot renewal (once you've tested that the automated renewal is working at all) is no more or less likely than an unexpected failure of some other part of your infrastructure or software components, like a DNS outage, data center outage, erroneous configuration change, incompatible software update, etc. (As an analogy, if systemd is unable to start nginx, it's not necessarily going to e-mail you about that under the default configuration of either package...) And Let's Encrypt already does try to e-mail you (from the CA side) in case an expected renewal is missed. So there is no particular reason that Certbot needs a specific notification mechanism as an alternative to other monitoring resources that should be used if you have a site or service that you want to be reliably available to others.

Having said that, this feature request is somewhat relevant

and you're welcome to participate there by writing code for this, starring this issue, adding comments about what you would like to see, and so on. I don't think that the Certbot team is in any way opposed to improving Certbot to make it work better with other log analysis, monitoring, or notification tools or workflows. It just might not happen right away.
