Notifications upon acme auto-renewal failures

Started by dig1234, October 31, 2024, 04:01:26 AM

Hello, I can't seem to find a way to receive an email notification if the acme client fails to auto-renew certificates. Does anyone have ideas? How are you monitoring acme renewals?

I have a Zabbix server monitoring all my certificates' expiration dates, and it's occasionally alerted me to a failed ACME renewal, but as you mention, it would be nice for ACME itself to have some way to report problems, if there isn't already some other way that I'm not aware of.

I use Uptime-Kuma for monitoring (among other things); it can also monitor cert expiration for a certain domain/destination.

Regards,
S.

OK, I was able to create a file content Monit alert which looks for Error in the acme log and sends me an email if renewal failed for any reason. I like this because I find out before customers see it... The only thing I don't like is that I had to manually write a file to the box in the /usr/local/etc/monit.opnsense.d folder with the following content:
SET LIMITS {
   FILECONTENTBUFFER: 10 MB
}

I'm concerned this file will get lost on updates etc...
In pfSense I was able to use the filer plugin to write custom files from the UI and the changes were stored in the config XML so they persisted across updates/restores. Does anything like that exist for OPNsense?

Aside from that, I can post the full solution if anyone wants to replicate it.
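
The log-content check described in the last post, sketched as an added Python example (not the poster's Monit configuration and not OPNsense code). It reports each new "Error" line once and restarts after log rotation; the log file name and the sample lines are constructed, and `scan_new_errors` is a hypothetical helper.

```python
import os
import re
import tempfile

# Pattern from the post: the word "Error" in the ACME client log.
ERROR_RE = re.compile(rb"\bError\b")


def scan_new_errors(log_path, state):
    """Return error lines appended to log_path since the last call.

    state is a dict holding the inode and byte offset already scanned, so a
    renewal failure is reported once and not on every polling cycle.
    """
    st = os.stat(log_path)
    # Rotation or truncation: the inode changed or the file shrank. Start over
    # so that errors written to the fresh file are not skipped.
    if state.get("inode") != st.st_ino or st.st_size < state.get("offset", 0):
        state["inode"], state["offset"] = st.st_ino, 0

    hits = []
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        while True:
            line = fh.readline()
            # Stop at EOF or at a partial line still being written; it is
            # picked up whole on the next poll.
            if not line.endswith(b"\n"):
                break
            state["offset"] = fh.tell()
            if ERROR_RE.search(line):
                hits.append(line.decode("utf-8", "replace").rstrip())
    return hits


def demo():
    # Constructed log lines; the real log format and path are assumptions.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.log")
        state = {}
        with open(path, "w") as fh:
            fh.write("[constructed] Renewing example.test\n")
            fh.write("[constructed] Error renewing example.test\n")
        first = scan_new_errors(path, state)
        second = scan_new_errors(path, state)  # nothing new since last poll
        with open(path, "w") as fh:  # simulated rotation (file truncated)
            fh.write("[constructed] Error: challenge failed\n")
        third = scan_new_errors(path, state)
        return first, second, third
```

A content match like this only fires when the client logs a failure; the expiry-date monitoring mentioned earlier in the thread also covers the case where the renewal job never runs.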