You’re right, I don’t need the dashboard. I would just like to stop receiving the daily emails, and I currently see no way of doing that.
If I choose to just send it to spam or block it, my fear is that then I might miss an actually valid alarm. If something actually breaks and my sites are about to go down due to expired certificates, I think a warning email would be very useful…
I also think this might be a bug with ZeroSSL alarms, not with the integration. But I would like to check if I misconfigured something, I imagine that if for some reason the integration is renewing daily, then I would get (90 days later) a daily alarm of a certificate expiring…
@wernerhp do you know of any reason why this integration (or acme.sh) could be generating a new certificate every day?
If I understand correctly, the cron job runs daily to check, but it should only renew the certificate when approaching the date of expiry, not every day… am I correct? What could be causing it to renew every time? I think that is what is happening
I have 3 domains total. All of them are Home Assistant, using the same integration + acme.sh. But I know that the expiry email specifically mentions always the same domain, which is the first one I set up. I actually fear that I start getting the same problem in triplicate, in a few weeks, when my other domains reach 90 days “age” and their certificates start expiring also…
I can’t find errors in the logs… although I can only see today’s logs, I wish I could have a look at the past 90 days ago.
I used DNS challenge.
-----END CERTIFICATE-----
[Fri Sep 22 03:01:30 WEST 2023] Your cert is in: /root/.acme.sh/mydomain.webredirect.org_ecc/mydomain.webredirect.org.cer
[Fri Sep 22 03:01:30 WEST 2023] Your cert key is in: /root/.acme.sh/mydomain.webredirect.org_ecc/mydomain.webredirect.org.key
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 14:USER_PATH='/command:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
[Fri Sep 22 03:01:30 WEST 2023] The intermediate CA cert is in: /root/.acme.sh/mydomain.webredirect.org_ecc/ca.cer
[Fri Sep 22 03:01:30 WEST 2023] And the full chain certs is there: /root/.acme.sh/mydomain.webredirect.org_ecc/fullchain.cer
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 12:Le_CertCreateTime='1695348090'
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 13:Le_CertCreateTimeStr='2023-09-22T02:01:30Z'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 14:Le_NextRenewTimeStr='2023-11-20T02:01:30Z'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 15:Le_NextRenewTime='1700445690'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_on_issue_success:3610 _on_issue_success
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_hasfield:486 '' does not contain 'dns'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 xargs exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_is_idn:1188 _is_idn_d='mydomain.webredirect.org'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_is_idn:1190 _idn_temp
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 readlink exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 dirname exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2626 Lets find script dir.
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2627 _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2629 _script='/root/.acme.sh/acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2631 _script_home='/root/.acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2650 Using default home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2658 Using config home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2672 ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_process:7861 LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_process:7869 Running cmd: installcert
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2658 Using config home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2672 ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2788 default_acme_server
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2797 ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2799 _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2802 _ACME_SERVER_PATH='v2/DV90'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2809 CA_CONF='/root/.acme.sh/ca/acme.zerossl.com/v2/DV90/ca.conf'
[Fri Sep 22 03:01:31 WEST 2023] The domain 'mydomain.webredirect.org' seems to have a ECC cert already, lets use ecc cert.
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2886 DOMAIN_PATH='/root/.acme.sh/mydomain.webredirect.org_ecc'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 16:Le_RealCertPath=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 17:Le_RealCACertPath=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 18:Le_RealKeyPath='/ssl/privkey.pem'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 19:Le_ReloadCmd=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 20:Le_RealFullChainPath='/ssl/fullchain.pem'
[Fri Sep 22 03:01:31 WEST 2023] Installing key to: /ssl/privkey.pem
[Fri Sep 22 03:01:31 WEST 2023] Installing full chain to: /ssl/fullchain.pem
Checking the /ssl directory, I see that the certificate files have today’s date. This also happens in one of my other domains.
A couple of months later, I started also getting a certificate expiry email from a second HASS installation I made a couple of months after the other one.
So I can confirm that for some reason the add-on is creating a new certificate every day.
Can you please help me troubleshoot this? What could be wrong to make the script think it needs to renew every day?
Just a question, the logic to check if the certificate is in need of renewal, where is it?
Is it part of your script, or is it in Acme.sh? Where?
I’m afraid the logs I see in HASS aren’t big enough for me to see that part happening - the log shows only a few hundred lines, and since it is quite verbose, I can’t scroll up to that part…
It’s part of ACME.sh. The addon only creates a docker container that runs ACME.sh. Try disabling the automation or set it to run once a month and see if it reduces the number of notifications you receive.
[Tue Jan 9 20:15:27 CET 2024] FreeDNS failed to add TXT record for _acme-challenge as FreeDNS requested security code
[Tue Jan 9 20:15:27 CET 2024] Note that you cannot use automatic DNS validation for FreeDNS public domains
[Tue Jan 9 20:15:27 CET 2024] Error add txt for domain:_acme-challenge.chickenkiller.com
[Tue Jan 9 20:15:27 CET 2024] _on_issue_err
[Tue Jan 9 20:15:27 CET 2024] Please add ‘–debug’ or ‘–log’ to check more details.
[Tue Jan 9 20:15:27 CET 2024] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
Hi, it’s ok but I couldn’t put it fine in the editor. In fact, if i change my password, the error is related with the login. Anyway, here is a screenshot. Thanks.
