OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: vince on June 14, 2018, 09:28:59 am

Title: no log for acme.sh if using dns challenge
Post by: vince on June 14, 2018, 09:28:59 am
When I issue/renew a certificate and use HTTP-01 for validation I get a lot of log output, which is helpful.
When I use DNS-01 instead I get no log lines at all, which demotes debugging to pure guesswork, and poking around in the dark does not get me anywhere.

1) Is there a way to see the full acme.sh command that is executed by OPNsense, so I can try to get more output executing it myself?
2) Is this an issue with OPNsense, or should I open a ticket at the acme.sh GitHub repo?

EDIT: I do get log output, it just vanishes as soon as acme.sh is done running (with whatever result).

Title: Re: no log for acme.sh if using dns challenge
Post by: DonSYS on June 23, 2018, 02:15:55 am
Hi, the logs tab in the GUI menu is echoing from /var/log/acme.sh.log, which is itself directly created by the acme.sh script.

1. You can do this. I'm thinking of making this native, but for now, to see the executing script, you need to edit the /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php file after line 771 and print the $acmecmd var to a log file:
    // Append the acme.sh command line held in $acmecmd to logs.txt
    $DEBUG = "executing command: " . $acmecmd . "\n \n";
    file_put_contents('logs.txt', $DEBUG, FILE_APPEND);

This way you will get a log file in that path for the executed acme.sh options on each issue, issue force and renew run.

If you have issues, you can directly file an issue in the OPNsense plugin repo: https://github.com/opnsense/plugins