After renewal no line in log to restart, and request notice entries #42

Closed
SteffenAL opened this issue Sep 5, 2017 · 9 comments

@SteffenAL
Contributor

SteffenAL commented Sep 5, 2017

Running v0.8.2

At the initial setup we get: Managed Domain has been setup and changes will be activated on next (graceful) server restart.

With renewal I miss that kind of logline.

Last lines in log with loglevel = info:

[md:info] [pid 4112:tid 1964] apachelounge.nl: received certificate
[md:info] [pid 4112:tid 1964] apachelounge.nl: retrieving certificate chain

No loglevel = notice and warn entries.

Maybe better to log some with loglevel = warn (is default), like:

apachelounge.nl: received certificate
apachelounge.nl: retrieving certificate chain
all managed domains are valid
Managed Domain has been setup and changes will be activated on next (graceful) server restart.
AH10053: md(apachelounge.nl): is complete, cert expires Mon, 04 Dec 2017 13:06:00 GMT
AH: next run in 12:00:00 hours
..
..

So it is less magic.

@icing
Owner

icing commented Sep 8, 2017

Hmm, there is not a grace period for MDs that renew.

If the MD still has a valid cert, the renewal is delayed by 24 hours (or until the existing cert expires). That means you will not see the log message about restart until it is time.

Could this be what you are observing?

@SteffenAL
Contributor Author

No. It is renewed.

I have MDRenewWindow set and it is renewed.

I would like to see a Warn message like: Managed Domain has reached MDRenewWindow and has retrieved a new certificate that will be activated on next (graceful) server restart.

@icing
Owner

icing commented Sep 8, 2017

Yes, it will be renewed - but it will not immediately be activated. There is now a wait period. So you will see the renewal in the logs, but the message to restart will come one day later.

@SteffenAL
Contributor Author

Nothing in the warn/notice log during/after the renewal. I only see it when I have LogLevel info md:trace2.

Not a big deal, we can always set LogLevel info md:trace2, to see what is going on.

@SteffenAL
Contributor Author

@icing you said above: So you will see the renewal in the logs, but the message to restart will come one day later.

During renewal I see no word "renewal". Or do you mean the message with "need certificate"?

No restart message one day later as you said. After 12 hours an info message that it is renewed.
Or should I read "should be activated in" as "restart to activate"?

At loglevel warn (default) and notice no messages, only with info.

Renewal (MDRenewWindow)
[Sat Sep 09 17:15:52.164344 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: setup staging
[Sat Sep 09 17:15:52.169345 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: need certificate
[Sat Sep 09 17:15:53.031394 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: check Terms-of-Service agreement
[Sat Sep 09 17:15:53.031394 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: setup new authorization
[Sat Sep 09 17:15:56.390680 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: setup new challenges
[Sat Sep 09 17:15:57.408910 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: monitoring challenge status
[Sat Sep 09 17:15:58.432683 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: checked all domain authorizations
[Sat Sep 09 17:15:58.432683 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: creating certificate request
[Sat Sep 09 17:15:59.864503 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: received certificate
[Sat Sep 09 17:15:59.864503 2017] [md:info] [pid 1916:tid 2040] apachelounge.nl: retrieving certificate chain

After 12 hours
[Sun Sep 10 05:21:02.956013 2017] [md:info] [pid 1916:tid 2040] AH10051: md(apachelounge.nl): has been renewed, should be activated in 10:54:57 hours

After 24 hours
[Sun Sep 10 17:26:37.007864 2017] [md:info] [pid 1916:tid 2040] AH10051: md(apachelounge.nl): has been renewed, should be activated in about now

After 36 hours
[Mon Sep 11 05:31:52.301616 2017] [md:info] [pid 1916:tid 2040] AH10051: md(apachelounge.nl): has been renewed, should be activated in about now

@icing
Owner

icing commented Sep 11, 2017

@SteffenAL thanks for the feedback! That indeed needs fixing.

icing pushed a commit that referenced this issue Sep 11, 2017
@icing
Owner

icing commented Sep 11, 2017

Could you check if v0.9.3 now behaves as you expect? Thanks!

@SteffenAL
Contributor Author

Better. For me, I leave it on LogLevel info md:trace2 ssl:notice, so I can see what is going on.

v0.9.4-git:

Renewal (MDRenewWindow)
[Wed Sep 13 16:17:26.853024 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: setup staging
[Wed Sep 13 16:17:26.856024 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: need certificate
[Wed Sep 13 16:17:27.671261 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: check Terms-of-Service agreement
[Wed Sep 13 16:17:27.671261 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: setup new authorization
[Wed Sep 13 16:17:30.780912 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: setup new challenges
[Wed Sep 13 16:17:31.897056 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: monitoring challenge status
[Wed Sep 13 16:17:32.832094 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: checked all domain authorizations
[Wed Sep 13 16:17:32.832094 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: creating certificate request
[Wed Sep 13 16:17:34.204304 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: received certificate
[Wed Sep 13 16:17:34.204304 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: retrieving certificate chain
[Wed Sep 13 16:17:34.656553 2017] [md:notice] [pid 1820:tid 2036] AH10051: apachelounge.nl: has been renewed successfully and should be activated at Thu, 14 Sep 2017 13:18:00 GMT (this requires a server restart latest in 23:00:26 hours)

After 12 hours
No messages

After 24 hours
[Thu Sep 14 15:23:04.975055 2017] [md:notice] [pid 1820:tid 2036] AH10059: The Managed Domain apachelounge.nl has been setup and changes will be activated on next (graceful) server restart.

After 36 hours
No messages
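
One way to surface the state discussed in this thread from an Apache error log, as an added example (not part of the original thread and not mod_md's own code): it parses the AH10051 and AH10059 messages quoted above and reports, per managed domain, the level the renewal was logged at and whether a restart has been requested. The function name, the state fields and the example.org line are assumptions of the example.

```python
import re
from datetime import datetime

# Sample input: three lines from the v0.9.4-git excerpt in this thread, plus one
# constructed v0.8.2-style AH10051 line for the placeholder domain example.org.
SAMPLE_LOG = """\
[Sun Sep 10 05:21:02.956013 2017] [md:info] [pid 1916:tid 2040] AH10051: md(example.org): has been renewed, should be activated in 10:54:57 hours
[Wed Sep 13 16:17:34.204304 2017] [md:info] [pid 1820:tid 2036] apachelounge.nl: received certificate
[Wed Sep 13 16:17:34.656553 2017] [md:notice] [pid 1820:tid 2036] AH10051: apachelounge.nl: has been renewed successfully and should be activated at Thu, 14 Sep 2017 13:18:00 GMT (this requires a server restart latest in 23:00:26 hours)
[Thu Sep 14 15:23:04.975055 2017] [md:notice] [pid 1820:tid 2036] AH10059: The Managed Domain apachelounge.nl has been setup and changes will be activated on next (graceful) server restart.
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[md:(?P<level>\w+)\] \[[^\]]+\] (?P<msg>.*)$")
# AH10051 names the domain as "md(name):" in v0.8.2 and as "name:" in v0.9.4-git.
RENEWED = re.compile(r"^AH10051: (?:md\()?(?P<md>[\w.-]+)\)?: has been renewed")
ACTIVATE_AT = re.compile(r"should be activated at (?P<at>.+? GMT)")
RESTART = re.compile(r"^AH10059: The Managed Domain (?P<md>[\w.-]+) has been setup")


def pending_restarts(log_text):
    """Return {domain: state} for domains whose renewed certificate is staged."""
    pending = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a mod_md error-log line
        msg = m["msg"]
        renewed, restart = RENEWED.match(msg), RESTART.match(msg)
        if not (renewed or restart):
            continue
        name = (renewed or restart)["md"]
        state = pending.setdefault(name, {"renewed_logged": None, "level": None,
                                          "activate_at": None, "restart_requested": False})
        if renewed:
            state["renewed_logged"] = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            state["level"] = m["level"]  # level the renewal was reported at
            at = ACTIVATE_AT.search(msg)  # absolute time only in the newer message
            if at:
                state["activate_at"] = datetime.strptime(at["at"], "%a, %d %b %Y %H:%M:%S GMT")
        else:
            state["restart_requested"] = True
    return pending


if __name__ == "__main__":
    for name, state in pending_restarts(SAMPLE_LOG).items():
        todo = "restart requested" if state["restart_requested"] else "renewed, restart not yet requested"
        print(f"{name}: {todo} (renewal logged at md:{state['level']})")
```

The log timestamps are server local time while the activation time in AH10051 is GMT, so the two fields are kept separate rather than compared.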

@icing
Owner

icing commented Sep 15, 2017

Thanks for testing, @SteffenAL!

@icing icing closed this as completed Sep 15, 2017