Lemur not creating any Notification for expired Certificates

[RaZZ7633]

Currently having issues with the E-Mail Plugin and Notifications

Lemur itself runs fine but whenever i try to notify the expired certificates that I imported, i get this output:

[!] Creating 0 notifications for days as specified by LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS

Also whenever try to use „lemur notify expirations“ it shows this:

Starting to notify subscribers about expiring certificates!

And it stops right there and i don’t know why. I’ve setup the Mail Config just like in the documentation and checked several times with other issues on GitHub but i cant figure out to why this isnt working.

I’m working on Ubuntu 22.04 which i open using WSL through windows.

I hope you could help me somehow, because currently i can’t seem to find the issue.

[m-wack]

I've got the same Issue. Tried using „lemur notify expirations“ (with the correct config-file of course), however, it stops after 'Starting to notify subscribers about expiring certificates!'.

Normally it should output something like 'X Notifications sent'.

We are running inside Ubuntu.

[jtschladen]

@RaZZ7633 in your message, you included the log:

[!] Creating 0 notifications for days as specified by LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS

This appears to be coming from the Lemur initialization here: https://github.com/Netflix/lemur/blob/dca80032290599064278eed37db11cac7047dd35/lemur/manage.py#L270C48-L270C57

This initialization requires a value to be specified for LEMUR_DEFAULT_EXPIRATION_NOTIFICATION_INTERVALS, but the output you're seeing seems to indicate it's empty (in which case no default notifications will be configured).

Can you please confirm exactly what you're trying to execute -- are you trying to initialize Lemur and not seeing any default notifications set up? Have you already initialized and added custom notifications, but aren't seeing them be triggered?

@m-wack your issue looks perhaps a bit more straightforward. Can you likewise confirm that you see notifications set up in the "Notifications" tab of Lemur, and that you've got certificates expiring in a time frame matching the notifications? And have you had notifications working previously, but they recently stopped working?

And for both of you: Which version of Lemur are you running?

[m-wack]

@m-wack your issue looks perhaps a bit more straightforward. Can you likewise confirm that you see notifications set up in the "Notifications" tab of Lemur, and that you've got certificates expiring in a time frame matching the notifications? And have you had notifications working previously, but they recently stopped working?

And for both of you: Which version of Lemur are you running?

We have notifications set up. The default ones get created, but we don't use them. We have both a set of Slack as well as Mail Notifications (of course, the Mail Server is configured inside the config.py) manually created. We then assigned our created notifications (both Slack & Mail) to all our imported Certs.

Then to test, I adapted Slack&Mail Notifications respectively to match exactly the number of days one of the certificates will expire in (to be precise 84 days from now). I also tested with +1 day and -1 day, that didn't change anything. I also made sure the time inside the machine running Lemur is correct. It is.

I cannot comment if notifications worked before as we just started implementing them (so we don't have the cron job for them yet, I just run the notify command by hand for testing and debugging).

We are using the latest Lemur v1.5.0 release currently.

[RaZZ7633]

I also have Notifications Setup . The default ones are getting created and both the default ones and the ones that i made myself are visible in Lemur's Webiste in the tab "Notifications". I also have Certifcates i a time frame that are mathcing those and the notifications haven't worked previously either.

I was just trying to initialize Lemur again after adding my custom Notifications as Lemur had the output that i mentioned before.

I'm not trying iniltialize Lemur anymore as it is already working in terms of tracking certifactes and I'm also able to create Notifcations and able to assign these to the certificates. But Lemur isn't showing me that during the output of the initialization. My Notifications aren't getting triggered and i think this might be to Lemur not using my Notifcations, but even when using the default Notifications from Lemur it should send out Notifacations, because i've tried several imported test Notifications.

I'm also using the command "lemur notify expirations" so far as i didn't get the Notifcations to work in the first place so there is no cron job so far).

We are also currently using the latest v1.5.0 of Lemur.

[m-wack]

So we basically are at the same stage with the same bug it looks like.

[mjung-tf]

Since the last line it logs is Starting to notify subscribers about expiring certificates! there has to be an exception in the following code, otherwise the log Finished notifying subscribers about expiring certificates! Sent: {success} Failed: {failed} would be there

So I modified the code in our container to print the exception which shows the following:

Working outside of application context.

This typically means that you attempted to use functionality that needed
the current application. To solve this, set up an application context
with app.app_context(). See the documentation for more information.

If I build a wrapper script and call it in the cronjob instead of using lemur notify expirations it works

from lemur import create_app
from lemur.notifications.cli import expirations_command

app = create_app()
with app.app_context():
    expirations_command()