Could the LetsEncrypt plugin notify the sysadmin when a task is failing?

  • Hello,

    I has found sometimes some domain update ssl will failed. Not at all. It's not auto retry update it. I also don't know it's update ssl failed.

    Could add notification admin user when update failed?

  • Good morning,


    There is normally an automatic retry every hour. You can create an issue on our bug tracker for the notification feature.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Nuxwin

    Added the Label question (answered)
  • I has found one domain September ssl expired. But it's update failed unit to Oct. I has report to bug tracker.

    Well, you don't provide us sufficient information. As always when you're reporting an issue with a plugin, you need provide us with the following information:


    1. Distribution and codename
    2. i-MSCP version
    3. Plugin version (here, the i-MSCP LetsEncrypt plugin version)
    4. The letsencrypt logs for the renewal failure, located in the /var/log/letsencrypt directory
    5. The i-MSCP plugin logs, located in /var/log/imscp directory


    There can be some failures time to time due to the fact that the Let's Encrypt infrastructure can become unreachable and so on... but generally, those issues are solved in the next minutes. That's why the plugin automatically retry for the pending tasks every hour (here, the renewal tasks). Now, without the logs, we can't say anything more. There can be a bug in the plugin itself but it is difficult to say what's going on without further information.


    Thank you for your understanding ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Nuxwin

    Set the Label from question (answered) to awaiting Information
  • Nuxwin

    Changed the title of the thread from “Could LetsEncrypt notification admin user when update ssl failed?” to “Could the LetsEncrypt plugin notify the sysadmin when a task is failing?”.
  • Debian 8.11

    imscp 1.5.3 2018120800

    plugins version 3.5.0

    Code
    1. letsencrypt.log.81:FailedChallenges: Failed authorization procedure. ju.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ju.minsu918.com.tw/.well-known/acme-challenge/yIMfCVUlXPyaXE_gOwzhQsM-QkdBE6QFLRzf7sr5gDQ: Timeout during connect (likely firewall problem)
    2. letsencrypt.log.81:FailedChallenges: Failed authorization procedure. ju.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ju.minsu918.com.tw/.well-known/acme-challenge/yIMfCVUlXPyaXE_gOwzhQsM-QkdBE6QFLRzf7sr5gDQ: Timeout during connect (likely firewall problem)
    3. letsencrypt.log.86: "detail": "Fetching http://hualien.minsu918.com.tw/.well-known/acme-challenge/tg0ydOP8Pritv01LlfVIqhObrNSd_zn-EBd4p4rDojI: Timeout during connect (likely firewall problem)",
    4. letsencrypt.log.86:Detail: Fetching http://hualien.minsu918.com.tw/.well-known/acme-challenge/tg0ydOP8Pritv01LlfVIqhObrNSd_zn-EBd4p4rDojI: Timeout during connect (likely firewall problem)
    5. letsencrypt.log.86:FailedChallenges: Failed authorization procedure. hualien.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://hualien.minsu918.com.tw/.well-known/acme-challenge/tg0ydOP8Pritv01LlfVIqhObrNSd_zn-EBd4p4rDojI: Timeout during connect (likely firewall problem)
    6. letsencrypt.log.86:FailedChallenges: Failed authorization procedure. hualien.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://hualien.minsu918.com.tw/.well-known/acme-challenge/tg0ydOP8Pritv01LlfVIqhObrNSd_zn-EBd4p4rDojI: Timeout during connect (likely firewall problem)
    7. letsencrypt.log.88: "detail": "Fetching http://green.minsu918.com.tw/.well-known/acme-challenge/dbmL0ojcGJjJYpOVNBkY2X3VvNHFp2yJJAoGwE5gV2M: Timeout during connect (likely firewall problem)",
    8. letsencrypt.log.88:Detail: Fetching http://green.minsu918.com.tw/.well-known/acme-challenge/dbmL0ojcGJjJYpOVNBkY2X3VvNHFp2yJJAoGwE5gV2M: Timeout during connect (likely firewall problem)
    9. letsencrypt.log.88:FailedChallenges: Failed authorization procedure. green.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://green.minsu918.com.tw/.well-known/acme-challenge/dbmL0ojcGJjJYpOVNBkY2X3VvNHFp2yJJAoGwE5gV2M: Timeout during connect (likely firewall problem)
    10. letsencrypt.log.88:FailedChallenges: Failed authorization procedure. green.minsu918.com.tw (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://green.minsu918.com.tw/.well-known/acme-challenge/dbmL0ojcGJjJYpOVNBkY2X3VvNHFp2yJJAoGwE5gV2M: Timeout during connect (likely firewall problem)

    Please check it. It's not auto renew it. The log file name is letsencrypt.log.88 and other log not found about domain name.

  • The log already tells you one of the issues (why and how is something else), the system cant properly connect to the domain (or vice versa).

    Is there a certbot log or other logfile in /var/log/(letsencrypt/)?

    Have a nice day. :)

  • I have two question.

    1. It's not auto retry later when it's failed.

    2. It's need notification admin user when it's failed.

    I know sometimes network maybe too slow. But it's can auth when I manual force retry it's can auth it. It's not firewall block it. So I need notification admin user when it's failed.

    What log path do you want see?

    Edited 2 times, last by akong7777 ().