OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: hidalgo on December 23, 2020, 03:04:49 PM

Title: [SOLVED] No log files on Let’s Encrypt
Post by: hidalgo on December 23, 2020, 03:04:49 PM
I am just trying to get Let's Encrypt running (with no success at the moment), and I realized I don't get any log file for debugging. What's wrong? I recreated the file at the path /var/log/acme.sh.log

Is there any permission issue?
Title: Re: No log files on Let’s Encrypt
Post by: hidalgo on December 23, 2020, 03:39:21 PM
I don’t know why, but now it seems to work again. Sorry.

How do I change the status to solved?
Title: Re: No log files on Let’s Encrypt
Post by: xboarder56 on January 14, 2021, 03:24:48 AM
I just ran into this issue recently. Did you end up just recreating the log file with root and chmod it 600?

For some reason acme won't generate any log file when running. It's so strange.
Title: Re: No log files on Let’s Encrypt
Post by: Fright on January 14, 2021, 06:46:42 AM
is issue/renewal required for any certificate?
if it's not - look for " issue/renewal not required" in system log
Title: Re: No log files on Let’s Encrypt
Post by: Arnaud on February 01, 2021, 06:45:37 PM
Hi,
first post here after using OPNsense for 6 months. :) Many thanks to you for having created OPNsense!!

I have the same issue as described previously: the web GUI gives File /var/log/acme.sh.log doesn't exist.
This machine is a real machine created by using backup/restore from a virtual machine.

/var/log/acme.sh.log was present in the virtual machine.

Creating/renewing certs works (if all things are correct!) but doesn't generate the log file => in case of issues it is difficult to solve.....

=> what can I do? Create an empty file? Which permissions? Uninstall the plugin and reinstall it? Is it possible to delete completely the conf of the plugin?

Thanks.
Arnaud
Title: Re: No log files on Let’s Encrypt
Post by: Fright on February 02, 2021, 08:43:51 AM
maybe an explanation of the maintainer would be helpful
https://github.com/opnsense/plugins/issues/1948
Title: Re: No log files on Let’s Encrypt
Post by: Arnaud on February 02, 2021, 09:08:41 PM
Hi Fright,
and many thanks for the quick answer.
The link helped me:
- after remaking the setup step by step and selecting "staging environment" I get the logs by renewing the cert
- after selecting "production environment" and renewing the cert, there is no new log (with "normal" and "extended" log level) while the cert has been renewed
- System: Log Files: General and search for "AcmeClient" shows the missing logs

=> the logs are not added any more to /var/log/acme.sh.log by switching from "staging environment" to "production environment".
I use http-01 as challenge type

As a newbie with OPNsense, I would quietly say that this seems to be a (small) bug.... :-[

Bye
Arnaud
Title: Re: No log files on Let’s Encrypt
Post by: Fright on February 03, 2021, 08:21:36 AM
Quote: I get the logs by renewing the cert
so now there are records in Services: Let's Encrypt: Log File?

Quote: the logs are not added any more to /var/log/acme.sh.log
fresh records appear only if the acme.sh is launched. that is, if actions are performed with a certificate or account using this script. if the certificate is checked and does not require action, then there will be no fresh entries in this log
Title: Re: No log files on Let’s Encrypt
Post by: Arnaud on February 03, 2021, 09:44:37 PM
Quote from: Fright on February 03, 2021, 08:21:36 AM
Quote: I get the logs by renewing the cert
so now there are records in Services: Let's Encrypt: Log File?
yes file exists now and contains the log messages

Quote from: Fright on February 03, 2021, 08:21:36 AM
Quote: the logs are not added any more to /var/log/acme.sh.log
fresh records appear only if the acme.sh is launched. that is, if actions are performed with a certificate or account using this script. if the certificate is checked and does not require action, then there will be no fresh entries in this log
yes, I understand this (I hope!). But forcing the renewing of the cert uses acme.sh, doesn't it?
Looking at the date and time of "issue/renewal date" and "Last acme run" I see that the cert is really renewed.

Under the staging environment this produces logs into /var/log/acme.sh.log, under the production environment logs aren't produced any more => is this normal?
Title: Re: No log files on Let’s Encrypt
Post by: Fright on February 04, 2021, 06:26:43 AM
Quote: under the production environment logs aren't produced any more => is this normal?
don't think so.
you can try to del acme.sh.log, change log level to debug at "Services: Let's Encrypt: Settings", force cert renew, go to "System: Log Files: General" and search for "running acme.sh command". there should be a record like "AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --debug". If it is and acme.sh.log does not contain new entries, then something is definitely wrong.
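Fright's check above, scripted as an added example (not part of the thread and not the plugin's own code). Both log paths are passed as arguments; the function names and the sample line layout are assumptions, and it presumes acme.sh.log was deleted before the forced renewal, as the post says.

```shell
#!/bin/sh
# Added example: scripted form of the check described in the post above.
# Assumes acme.sh.log was deleted before the forced renewal, so any content is new.

# acme_log_check SYSTEM_LOG ACME_LOG -> prints no-run | skipped | ok | gap
acme_log_check() {
    syslog=$1
    acmelog=$2
    # The plugin records each acme.sh launch in the system log.
    runs=$(grep -c 'AcmeClient: running acme.sh command' "$syslog" 2>/dev/null) || runs=0
    if [ "$runs" -eq 0 ]; then
        # No launch recorded: the certificate may simply not have needed action.
        if grep -q 'issue/renewal not required' "$syslog" 2>/dev/null; then
            echo skipped
        else
            echo no-run
        fi
        return 0
    fi
    # acme.sh was launched, so its own log should hold fresh entries.
    if [ -s "$acmelog" ]; then
        echo ok
    else
        echo gap    # launch recorded but acme.sh.log missing or empty
    fi
}

# last_acme_command SYSTEM_LOG -> prints the most recent recorded acme.sh command
last_acme_command() {
    sed -n 's/.*AcmeClient: running acme.sh command: //p' "$1" | tail -n 1
}

# Demo on constructed sample data (line layout is illustrative, not captured output).
demo_dir=$(mktemp -d)
cat > "$demo_dir/system.log" <<'EOF'
Feb  6 11:05:12 fw AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --debug --webroot /var/etc/acme-client/challenges
EOF
echo "status: $(acme_log_check "$demo_dir/system.log" "$demo_dir/acme.sh.log")"
echo "command: $(last_acme_command "$demo_dir/system.log")"
rm -rf "$demo_dir"
```

A result of `gap` is the "something is definitely wrong" case; `skipped` matches the earlier hint about "issue/renewal not required".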
Title: Re: No log files on Let’s Encrypt
Post by: Arnaud on February 06, 2021, 11:10:57 AM
Hi,
I made the test: "System: Log Files: General" shows AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --debug --webroot /var/etc/acme-client/challenges etc.....
and no logs in "Services: Let's Encrypt: Log File": File /var/log/acme.sh.log yielded no results.
=> there is a problem.

... and now? How to get it fixed?
Do you have the right place to report this?
Title: Re: No log files on Let’s Encrypt
Post by: Fright on February 06, 2021, 11:18:07 AM
Hi
i think that https://github.com/opnsense/plugins/issues is the right place for this ticket
Title: Re: No log files on Let’s Encrypt
Post by: Arnaud on February 09, 2021, 08:41:11 PM
https://github.com/opnsense/plugins/issues/2227
Title: Re: No log files on Let’s Encrypt
Post by: Fright on February 16, 2021, 05:08:12 PM
maintainer has already fixed this bug (opnsense-patch -c plugins 3a029db4)