Dehydrated trying to renew certs every minute

Hi,

I'm running 9.700-5 firmware and I'm not sure if this was happening on the previous firmware.

Basically system.log is spammed by dehydrated trying to renew the cert every minute

utm:/home/login # cat /var/log/system.log | grep "(dehydrated)"
2019:11:03-00:01:01 utm /usr/sbin/cron[12618]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
2019:11:03-00:02:01 utm /usr/sbin/cron[12975]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
Etc.
2019:11:03-02:58:01 utm /usr/sbin/cron[5896]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
2019:11:03-02:59:01 utm /usr/sbin/cron[6171]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)

 

From what I can see in crontab it's supposed to be running once a day: (both /etc/crontab and /etc/crontab.letsenecrypt-renewal have the same entry)

# Check CSRs for renewal
31 1 * * * dehydrated /var/chroot-reverseproxy/usr/dehydrated/bin/check_renewal.pl  -s > /dev/null

 

Is this normal?
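An added example, not part of the original post and not Sophos code: the cron lines in system.log above name renew_certificate.pl, while the quoted crontab entry is for check_renewal.pl, so tallying cron runs per script and per hour shows which job is actually the frequent one. The function names and the sample lines (modelled on the log format in the post) are constructed for illustration.

```shell
#!/bin/sh
# Tally cron activity from UTM-style system.log lines read on stdin.
# Prints one line per job: "<user> <script> <total_runs> <peak_runs_in_one_hour>"
cron_frequency() {
    awk '
    # e.g. 2019:11:03-00:01:01 utm /usr/sbin/cron[12618]: (dehydrated) CMD (/path/x.pl  > /dev/null)
    /\/cron\[[0-9]+\]: \([^)]+\) CMD \(/ {
        hour = substr($1, 1, 13)                 # "2019:11:03-00": date plus hour
        user = $4; gsub(/[()]/, "", user)        # "(dehydrated)" becomes "dehydrated"
        cmd = $6; sub(/^\(/, "", cmd); sub(/\)$/, "", cmd)
        n = split(cmd, parts, "/"); script = parts[n]   # basename of the script
        key = user " " script
        total[key]++
        if (++perhour[key, hour] > peak[key]) peak[key] = perhour[key, hour]
    }
    END { for (k in total) print k, total[k], peak[k] }
    ' | sort
}

# Print only the jobs that ran more than $1 times within a single hour.
noisy_cron_jobs() {
    cron_frequency | awk -v max="$1" '$4 > max'
}

# Constructed sample input in the format shown in the post (PIDs are made up).
sample_log() {
    cat <<'EOF'
2019:11:03-00:01:01 utm /usr/sbin/cron[10001]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
2019:11:03-00:02:01 utm /usr/sbin/cron[10002]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
2019:11:03-00:03:01 utm /usr/sbin/cron[10003]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null)
2019:11:03-01:31:01 utm /usr/sbin/cron[10004]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/check_renewal.pl  -s > /dev/null)
EOF
}

# Demo on the constructed sample: a once-a-day job never exceeds 1 run per hour.
sample_log | noisy_cron_jobs 1
```

On a real system the same functions can be fed the log directly, for example `noisy_cron_jobs 1 < /var/log/system.log`.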



  • Hi  

    Would you please post logs from let's encrypt from /var/log/letsencrypt.log in Sophos UTM?

    Regards

    Jaydeep

  • Hi,

     

    utm:/var/log/letsencrypt/2019/11 # ls -l
    total 32
    -rw-r--r-- 1 root log 202 Nov  1 01:31 letsencrypt-2019-11-01.log.gz
    -rw-r--r-- 1 root log 203 Nov  2 01:31 letsencrypt-2019-11-02.log.gz
    -rw-r--r-- 1 root log 203 Nov  3 01:31 letsencrypt-2019-11-03.log.gz
    -rw-r--r-- 1 root log 203 Nov  4 03:21 letsencrypt-2019-11-04.log.gz
    -rw-r--r-- 1 root log 202 Nov  5 03:21 letsencrypt-2019-11-05.log.gz
    -rw-r--r-- 1 root log 203 Nov  6 03:21 letsencrypt-2019-11-06.log.gz
    -rw-r--r-- 1 root log 202 Nov  7 03:21 letsencrypt-2019-11-07.log.gz
    -rw-r--r-- 1 root log 203 Nov  8 03:21 letsencrypt-2019-11-08.log.gz
    utm:/var/log/letsencrypt/2019/11 # zcat letsencrypt-2019-11-03.log.gz
    2019:11:03-01:31:01 utm letsencrypt[12899]: I Check renewal: skip REF_CaCsrWebManagem (domains: utm.domain.com): certificate valid until Jan 23 17:04:15 2020 GMT (longer than 30 days)
    utm:/var/log/letsencrypt/2019/11 # cat /var/log/letsencrypt.log
    2019:11:09-03:21:01 utm letsencrypt[17294]: I Check renewal: skip REF_CaCsrWebManagem (domains: utm.domain.com): certificate valid until Jan 23 17:04:15 2020 GMT (longer than 30 days)

     

    I only have WebInterface certificate configured in my UTM.

    UTM has been restarted since I created this ticket.

    Issue is still happening.

     

    Thanks
