[SOLVED] No log files on Let’s Encrypt

Started by hidalgo, December 23, 2020, 03:04:49 PM

December 23, 2020, 03:04:49 PM Last Edit: February 17, 2021, 09:03:17 AM by AdSchellevis
I'm just trying to get Let's Encrypt running (with no success at the moment) and then I realized I don't get any log file to do debugging. What's wrong? I recreated the file in the path /var/log/acme.sh.log

Is there any permission issue?

December 23, 2020, 03:39:21 PM #1 Last Edit: December 23, 2020, 03:41:06 PM by hidalgo
I don't know why, but now it seems to work again. Sorry.

How do I change the status to solved?

I just ran into this issue recently. Did you end up just recreating the log file with root and chmod it 600?

For some reason acme won't generate any log file when running. It's so strange.

January 14, 2021, 06:46:42 AM #3 Last Edit: January 14, 2021, 09:21:41 AM by Fright
is issue/renewal required for any certificate?
if it's not - look for "issue/renewal not required" in system log

Hi,
first post here after using OPNSense for 6 months. :) Many thanks to you for having created OPNSense!!

I have the same issue as described previously: the web GUI gives File /var/log/acme.sh.log doesn't exist.
This machine is a real machine created by using backup/restore from a virtual machine.

/var/log/acme.sh.log was present in the virtual machine.

Creating/renewing certs works (if all things are correct!) but doesn't generate the log file => in case of issues it is difficult to solve.....

=> what can I do? Create an empty file? Which permissions? Uninstall the plugin and reinstall it? Is it possible to delete completely the conf of the plugin?

Thanks.
Arnaud


Hi Fright,
and many thanks for the quick answer.
The link helped me:
- after remaking the setup step by step and selecting "staging environment" I get the logs by renewing the cert
- after selecting "production environment" and renewing the cert, there is no new log (with "normal" and "extended" log level) while the cert has been renewed
- System: Log Files: General and search for "AcmeClient" shows the missing logs

=> the logs are not added any more to /var/log/acme.sh.log by switching from "staging environment" to "production environment".
I use http-01 as challenge type

As a newbie with OPNSense, I would quietly say that this seems to be a (small) bug.... :-[

Bye
Arnaud

February 03, 2021, 08:21:36 AM #7 Last Edit: February 03, 2021, 07:30:06 PM by Fright
Quote: I get the logs by renewing the cert
so now there are records in Services: Let's Encrypt: Log File?

Quote: the logs are not added any more to /var/log/acme.sh.log
fresh records appear only if the acme.sh is launched. that is, if actions are performed with a certificate or account using this script. if the certificate is checked and does not require action, then there will be no fresh entries in this log

Quote from: Fright on February 03, 2021, 08:21:36 AM
Quote: I get the logs by renewing the cert
so now there are records in Services: Let's Encrypt: Log File?
yes file exists now and contains the log messages

Quote from: Fright on February 03, 2021, 08:21:36 AM
Quote: the logs are not added any more to /var/log/acme.sh.log
fresh records appear only if the acme.sh is launched. that is, if actions are performed with a certificate or account using this script. if the certificate is checked and does not require action, then there will be no fresh entries in this log
yes, I understand this (I hope!). But forcing the renewing of the cert uses acme.sh, doesn't it?
Looking at the date and time of "issue/renewal date" and "Last acme run" I see that the cert is really renewed.

Under the staging environment this produces logs into /var/log/acme.sh.log, under the production environment logs aren't produced any more => is this normal?

Quote: under the production environment logs aren't produced any more => is this normal?
don't think so.
you can try to del acme.sh.log, change log level to debug at "Services: Let's Encrypt: Settings", force cert renew, go to "System: Log Files: General" and search for "running acme.sh command". there should be a record like "AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --debug". If it is and acme.sh.log does not contain new entries, then something is definitely wrong.

Hi,
I made the test: "System: Log Files: General" shows AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --debug --webroot /var/etc/acme-client/challenges etc.....
and no logs in "Services: Let's Encrypt: Log File": File /var/log/acme.sh.log yielded no results.
=> there is a problem.

... and now? How to get it fixed?
Do you have the right place to report this?



maintainer has already fixed this bug (opnsense-patch -c plugins 3a029db4)