OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: dig1234 on October 31, 2024, 04:01:26 AM

Title: Notifications upon acme auto-renewal failures
Post by: dig1234 on October 31, 2024, 04:01:26 AM
Hello, I can't seem to find a way to receive email notifications if the acme client fails to auto-renew certificates. Does anyone have ideas? How are you monitoring acme renewals?
Title: Re: Notifications upon acme auto-renewal failures
Post by: Taomyn on October 31, 2024, 10:04:23 AM
I have a Zabbix server monitoring all my certificates' expiration dates, and it's occasionally alerted me to a failed ACME renewal, but as you mention, it would be nice for ACME itself to have some way to report problems, if there isn't already some other way that I'm not aware of.
Title: Re: Notifications upon acme auto-renewal failures
Post by: Seimus on October 31, 2024, 10:09:42 AM
I use Uptime-Kuma for monitoring (among other things); it also has the possibility to monitor cert expiration for a certain domain/destination.

Regards,
S.
Title: Re: Notifications upon acme auto-renewal failures
Post by: dig1234 on October 31, 2024, 06:17:26 PM
OK, I was able to create a file content Monit alert which looks for Error in the acme log and sends me an email if renewal failed for any reason. I like this because I find out before customers see it... The only thing I don't like is that I had to manually write a file to the box in the /usr/local/etc/monit.opnsense.d folder with the following content:
SET LIMITS {
   FILECONTENTBUFFER: 10 MB
}

I'm concerned this file will get lost on updates etc...
In pfSense I was able to use the filer plugin to write custom files from the UI and the changes were stored in the config XML so they persisted across updates/restores. Does anything like that exist for OPNsense?

Aside from that I can post the full solution if anyone wants to replicate it.
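
An added example, not part of any post in this thread and not the poster's solution: a POSIX shell function that reports lines containing "Error" appended to an ACME client log since the previous run, which a Monit program check or a cron job could call and alert on when the exit status is non-zero. The log path, the state file and the sample log lines are assumptions constructed for illustration; the thread gives neither the log location nor its format.

```shell
#!/bin/sh
# Added example: exit status 0 = no new errors, 1 = new errors found,
# 2 = log unreadable. LOGFILE and STATEFILE are caller-supplied (hypothetical).

# acme_new_errors LOGFILE STATEFILE
acme_new_errors() {
    log=$1
    state=$2

    # An unreadable log must not be reported as "no errors".
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }

    total=$(wc -l < "$log" | tr -d ' ')
    last=0
    [ -r "$state" ] && last=$(cat "$state")
    # Ignore a corrupt state file instead of trusting it.
    case $last in ''|*[!0-9]*) last=0 ;; esac

    # Log rotated or truncated since the last run: scan from the top again.
    [ "$total" -lt "$last" ] && last=0

    # Only lines after the saved position that contain "Error".
    new=$(awk -v start="$last" 'NR > start && /Error/' "$log")
    echo "$total" > "$state"

    if [ -n "$new" ]; then
        printf '%s\n' "$new"
        return 1
    fi
    return 0
}

# Constructed sample log lines (not real client output), so this runs offline.
demo=$(mktemp -d)
printf '%s\n' \
    '[Thu Oct 31 03:00:09 UTC 2024] Cert success.' \
    '[Fri Nov  1 03:00:05 UTC 2024] Error renewing example.test' \
    > "$demo/acme.log"
acme_new_errors "$demo/acme.log" "$demo/state" || echo "exit status: $?"
rm -rf "$demo"
```

A check like this only sees failures that get logged; an expiry monitor of the kind mentioned earlier in the thread still catches the case where the renewal job never runs.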