Log entries do not indicate domain


#1

The log entries that provide information messages about the state of a domain/cert do not specify which domain/cert they are about.
Could this info be included in the log message.


#2

I’m not sure which log entries you are meaning. Can you provide a little more detail please.

For me, the logs do include the domain name(s). It would depend on your OS / what client you are using, what command you are running etc though.


#3

Sorry, I should have given some background info at the start of the thread.
I do not run an active web site, I have “pretty picture” as a place holder on the WEB.
All the certificates I use are for email(smtp/submission, imaps, sieve), webdav (davfs, davical, dl) and admin functions (pfadmin, pgadmin).
I need to know which certs have changed in order to ensure my tlsa records have been updated, the current log output does not in anyway help?

I am having problems with the letsencrypt log, but a typeical entry is:

2017-01-15 05:32:24,105:DEBUG:certbot.main:Root logging level set at 30
2017-01-15 05:32:24,105:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-01-15 05:32:24,106:DEBUG:certbot.main:certbot version: 0.9.3
2017-01-15 05:32:24,106:DEBUG:certbot.main:Arguments: [’-q’]
2017-01-15 05:32:24,107:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-01-15 05:32:24,120:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-15 05:32:24,122:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-15 05:32:24,124:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-15 05:32:24,127:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-15 05:32:24,129:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-15 05:32:24,129:DEBUG:certbot.renewal:no renewal failures
the info lines don’t tell me which domain/cert they apply to.
When a cert is due for renewal I assume there is an INFO line that indicates which cert will/has been renewed.


#4

I’d suggest using the --renew-hook ( see the certbot documentation )

Command to be run in a shell once for each successfully renewed certificate. For this command, the shell variable $RENEWED_LINEAGE will point to the config live subdirectory containing the new certs and keys; the shell variable $RENEWED_DOMAINS will contain a space-delimited list of renewed cert domains


#5

This looks promising.
I took a look for some documentation on this hook, but have not managed to find very much.
$RENEWED_LINEAGE looks to be fairly obvious, but $RENEWED_DOMAINS could do with a little more info, for instance what order are the domains presented in.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.