-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After renewal no line in log to restart, and request notice entries #42
Comments
Hmm, there is not a grace period for MDs that renew. If the MD has still a valid cert, the renewal is delayed by 24 hours (or until the existing cert expires). That means you will not see the log message about restart until it is time. Could this be what you are observing? |
No. It is renewed I have MDRenewWindow set and it is renewed. I like to see a Warn message like : Managed Domain has reached MDRenewWindow and has retrieved a new certificate that will be activated on next (graceful) server restart. |
Yes, it will be renewed - but it will not immediately be activated. There is now a wait period. So you will see the renewal in the logs, but the message to restart will come one day later. |
Nothing in the warn/notice log during/after the renewal. Only I see it when I have LogLevel info md:trace2 Not a big deal, we can always set LogLevel info md:trace2, to see what is going on. |
@icing you said above: So you will see the renewal in the logs, but the message to restart will come one day later. During renewal see no word renewal. Or you mean the message with need certificate ? No restart message one day later as you said. After 12 hours an info message that it is renewed. At loglevel warn (default) and notice no messages, only with info. Renewal (MDRenewWindow) After 12 hours After 24 hours After 36 hours |
@SteffenAL thanks for the feedback! That indeed needs fixing. |
…on and server restarts. Related to issue #42
Could you check if v0.9.3 now behaves as you expect? Thanks! |
Better. For me, I leave it on LogLevel info md:trace2 ssl:notice, so I can see what is going on. v0.9.4-git: Renewal (MDRenewWindow) After 12 hours After 24 hours After 36 hours |
Thanks for testing, @SteffenAL ! |
Running v0.8.2
At the initial setup we get: Managed Domain has been setup and changes will be activated on next (graceful) server restart.
With renewal I miss that kind of logline.
last lines in log with loglevel = info:
[md:info] [pid 4112:tid 1964] apachelounge.nl: received certificate
[md:info] [pid 4112:tid 1964] apachelounge.nl: retrieving certificate chain
No loglevel = notice and warn entries.
Maybe better to log some with loglevel = warn (is default), like:
apachelounge.nl: received certificate
apachelounge.nl: retrieving certificate chain
all managed domains are valid
Managed Domain has been setup and changes will be activated on next (graceful) server restart.
AH10053: md(apachelounge.nl): is complete, cert expires Mon, 04 Dec 2017 13:06:00 GMT
AH: next run in 12:00:00 hours
..
..
So it is less magic.
The text was updated successfully, but these errors were encountered: