getssl
getssl copied to clipboard
srvrco
logfile
ok, -d flag can enable debug information but it's a little bit useless if the command is scheduled with cron and not run interactively. What about adding a simple parameter LOGFILE in getssl.cfg, where redirect logs? -f
this cron is pretty simple achieve this:
$crontab -l ... 17 10 * * * /root/bin/getssl -u f.q.d.n -w /etc/le >> /tmp/test 2>&1 ...
I don't if it can be useful an option directly inside the acme script...
redirecting is easy, but it has no timestamps. however, may I suggest considering logging to syslog? this would also be helpful for all those who are logging to a central server.
with the -s flag to logger you can get log to the console too
# logger -is -p local3.info -t getssl bla
getssl[31664]: bla
Been a little busy recently - I'll take a look at adding this though ( or happy to have a PR for it )
An option to log the output would be very handy now that I've managed to get it setup and running off cron.
Either it's own log file or syslog would be ideal.
Guys, have you tried piping the output of getssl into logger. you get timestamps and everything.
I have been fighting to get the output of cron runs of getssl to a log file for quite some time now, as I apparently have an error that is occurring when run from cron, and I can't see the output to determine what it is.
I can only conclude that there is something that needs to happen in the script itself to make this possible, unless someone has been successful in getting such logs.
I have tried every variation of piping, redirecting, tee, and now, I just saw that suggestion to pipe into logger. None have worked for me. I would be very interested in hearing from someone that has been successful in getting logs to happen. Or, if I could be given a brief primer on what needs to happen in getssl itself, I'd be happy to work out a PR. Bash scripting isn't my forte, but with a little guidance, I'm sure I could get up to speed.
Would love to stop the cycle of client calls every 90 days saying the cert is bad, running getssl manually, spending several hours trying to figure out the logging, and giving up when other priorities pull me away from it! :)
Hi @twainj
I've not had any problems saving the logfile from getssl from cron, but to test I started an Ubuntu 20 LTS instance on AWS and ran the following commands to setup the environment:
git clone https://github.com/srvrco/getssl.git
export DUCKDNS_TOKEN=$(grep DUCKDNS_TOKEN getssl/test/Dockerfile-ubuntu-staging | awk '{ print $3 }')
export PUBLIC_IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
curl "https://www.duckdns.org/update?domains=ubuntu-getssl.duckdns.org&token=${DUCKDNS_TOKEN}&ip=${PUBLIC_IP}"
getssl/getssl -c ubuntu-getssl.duckdns.org
cp getssl/test/test-config/getssl-staging-dns01.cfg ~/.getssl/ubuntu-getssl.duckdns.org/getssl.cfg
echo 'CHECK_REMOTE="false"' >> ~/.getssl/ubuntu-getssl.duckdns.org/getssl.cfg
echo 'DNS_ADD_COMMAND="/home/ubuntu/getssl/dns_scripts/dns_add_duckdns"' >> ~/.getssl/ubuntu-getssl.duckdns.org/getssl.cfg
echo 'DNS_DEL_COMMAND="/home/ubuntu/getssl/dns_scripts/dns_del_duckdns"' >> ~/.getssl/ubuntu-getssl.duckdns.org/getssl.cfg
Then I created a crontab entry as follows (where 11 is the next minute):
11 * * * * /home/ubuntu/getssl/getssl ubuntu-getssl.duckdns.org 2>&1 >> /tmp/getssl.log
and verified that the logfile contains the error message:
cat /tmp/getssl.log
creating account key /home/ubuntu/.getssl/account.key
creating key - /home/ubuntu/.getssl/account.key
creating key - /home/ubuntu/.getssl/ubuntu-getssl.duckdns.org/ubuntu-getssl.duckdns.org.key
creating domain csr - /home/ubuntu/.getssl/ubuntu-getssl.duckdns.org/ubuntu-getssl.duckdns.org.csr
Registering account
Registered
Verify each domain
Verifying ubuntu-getssl.duckdns.org
DUCKDNS_TOKEN not set
Can you try something like see if it works for you?
I'll add the ability to write to a logfile, but I think your problem is probably caused by a difference in the cron environment to your shell environment (different PATH or missing variables) and getssl isn't being executed
Why was this closed? There still isn't a decent logging feature for getssl when running off cron.
2>&1 >> /tmp/getssl.log
doesn't give you any timestamps which is useful if you're running getssl every night.
If the redirect is the only option then it might be handy to have it in the instructions.
Hi @ddalben,
I closed it as it had been open since 2017, the original requester doesn't appear to be active on github anymore, and there were several suggested solutions; logger getssl, getssl | logger, and redirecting to a logfile /root/bin/getssl -u f.q.d.n -w /etc/le >> /tmp/test 2>&1 (which is what I use and tested)
It should be an easy change but there are a number of error conditions which don't use the info, debug, or error_exit functions which would need careful thought about whether they can be redirected to a log file (e.g. the POSIX check at the start of the file)
Happy to re-open this and put this on the enhancement list if you would still find it useful?
Hi @timkimber ,
Thanks. Apologies if I came across ungrateful. twasn't the intent. I used the 2>&1 >> /tmp/getssl.log option and it gave me the logging, though without any time stamps. Luckily caught an upgrade that happened which was handy.
I do think more robust logging to either syslog or a logfile of choice would be ideal, but the redirection is a decent stopgap.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}