Didn’t even know you can sign up and see a dashboard. You don’t need this if you are only using the integration to renew certs. Might be unrelated to the integration.
You’re right, I don’t need the dashboard. I would just like to stop receiving the daily emails, and I currently see no way of doing that.
If I choose to just send it to spam or block it, my fear is that then I might miss an actually valid alarm. If something actually breaks and my sites are about to go down due to expired certificates, I think a warning email would be very useful…
I also think this might be a bug with ZeroSSL alarms, not with the integration. But I would like to check if I misconfigured something, I imagine that if for some reason the integration is renewing daily, then I would get (90 days later) a daily alarm of a certificate expiring…
@wernerhp do you know of any reason why this integration (or acme.sh) could be generating a new certificate every day?
If I understand correctly, the cron job runs daily to check, but it should only renew the certificate when approaching the date of expiry, not every day… am I correct? What could be causing it to renew every time? I think that is what is happening.
It should be working as you describe.
Do you have multiple domains on ZeroSSL? Are the emails only for your HA domain?
Check for any errors in the logs. They are under the Addon, next to the Configuration tab.
I have 3 domains total. All of them are Home Assistant, using the same integration + acme.sh. But I know that the expiry email specifically mentions always the same domain, which is the first one I set up. I actually fear that I start getting the same problem in triplicate, in a few weeks, when my other domains reach 90 days “age” and their certificates start expiring also…
I can’t find errors in the logs… although I can only see today’s logs, I wish I could have a look at the past 90 days.
I used DNS challenge.
-----END CERTIFICATE-----
[Fri Sep 22 03:01:30 WEST 2023] Your cert is in: /root/.acme.sh/mydomain.webredirect.org_ecc/mydomain.webredirect.org.cer
[Fri Sep 22 03:01:30 WEST 2023] Your cert key is in: /root/.acme.sh/mydomain.webredirect.org_ecc/mydomain.webredirect.org.key
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 14:USER_PATH='/command:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
[Fri Sep 22 03:01:30 WEST 2023] The intermediate CA cert is in: /root/.acme.sh/mydomain.webredirect.org_ecc/ca.cer
[Fri Sep 22 03:01:30 WEST 2023] And the full chain certs is there: /root/.acme.sh/mydomain.webredirect.org_ecc/fullchain.cer
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 12:Le_CertCreateTime='1695348090'
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:30 WEST 2023] acme.sh:_setopt:2309 13:Le_CertCreateTimeStr='2023-09-22T02:01:30Z'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 14:Le_NextRenewTimeStr='2023-11-20T02:01:30Z'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 15:Le_NextRenewTime='1700445690'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_on_issue_success:3610 _on_issue_success
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_hasfield:486 '' does not contain 'dns'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 xargs exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_is_idn:1188 _is_idn_d='mydomain.webredirect.org'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_is_idn:1190 _idn_temp
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 readlink exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:_exists:534 dirname exists=0
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2626 Lets find script dir.
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2627 _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] /root/.acme.sh/acme.sh:__initHome:2629 _script='/root/.acme.sh/acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2631 _script_home='/root/.acme.sh'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2650 Using default home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2658 Using config home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2672 ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_process:7861 LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_process:7869 Running cmd: installcert
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2658 Using config home:/root/.acme.sh
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:__initHome:2672 ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2788 default_acme_server
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2797 ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2799 _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2802 _ACME_SERVER_PATH='v2/DV90'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2809 CA_CONF='/root/.acme.sh/ca/acme.zerossl.com/v2/DV90/ca.conf'
[Fri Sep 22 03:01:31 WEST 2023] The domain 'mydomain.webredirect.org' seems to have a ECC cert already, lets use ecc cert.
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_initpath:2886 DOMAIN_PATH='/root/.acme.sh/mydomain.webredirect.org_ecc'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 16:Le_RealCertPath=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 17:Le_RealCACertPath=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 18:Le_RealKeyPath='/ssl/privkey.pem'
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 19:Le_ReloadCmd=''
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2306 APP
[Fri Sep 22 03:01:31 WEST 2023] acme.sh:_setopt:2309 20:Le_RealFullChainPath='/ssl/fullchain.pem'
[Fri Sep 22 03:01:31 WEST 2023] Installing key to: /ssl/privkey.pem
[Fri Sep 22 03:01:31 WEST 2023] Installing full chain to: /ssl/fullchain.pem
Checking the /ssl directory, I see that the certificate files have today’s date. This also happens in one of my other domains.
A couple of months later, I started also getting a certificate expiry email from a second HASS installation I made a couple of months after the other one.
So I can confirm that for some reason the add-on is creating a new certificate every day.
Can you please help me troubleshoot this? What could be wrong to make the script think it needs to renew every day?
Are you running the automation to restart the addon every day?
Yes, it runs every night at 3:00 AM.
Just a question, the logic to check if the certificate is in need of renewal, where is it?
Is it part of your script, or is it in Acme.sh? Where?
I’m afraid the logs I see in HASS aren’t big enough for me to see that part happening - the log shows only a few hundred lines, and since it is quite verbose, I can’t scroll up to that part…
Thanks
It’s part of ACME.sh. The addon only creates a docker container that runs ACME.sh. Try disabling the automation or set it to run once a month and see if it reduces the number of notifications you receive.
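An added example, not code from the add-on or from acme.sh: a small shell check built on the two values the log above shows acme.sh saving, `Le_CertCreateTime` and `Le_NextRenewTime`. It compares two snapshots of a domain's conf taken before and after the nightly run and reports whether a certificate was issued although renewal was not yet due. The conf file paths are assumptions supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect a certificate that was re-issued before its recorded
# next-renew time, using the KEY='epoch' lines acme.sh saves for a domain.

# conf_get FILE KEY: print the numeric value of KEY='123' found in FILE.
conf_get() {
  sed -n "s/^$2='\([0-9][0-9]*\)'\$/\1/p" "$1" | head -n 1
}

# renew_status FILE NOW: "due" once NOW has reached Le_NextRenewTime.
renew_status() {
  next=$(conf_get "$1" Le_NextRenewTime)
  [ -n "$next" ] || { echo "unknown"; return 1; }
  if [ "$2" -ge "$next" ]; then echo "due"; else echo "not-due"; fi
}

# cert_age_days FILE NOW: whole days elapsed since Le_CertCreateTime.
cert_age_days() {
  created=$(conf_get "$1" Le_CertCreateTime)
  [ -n "$created" ] || { echo "unknown"; return 1; }
  echo $(( ($2 - created) / 86400 ))
}

# unexpected_issue BEFORE AFTER NOW: "yes" when the creation time changed
# between the two snapshots although BEFORE said renewal was not due at NOW.
unexpected_issue() {
  old=$(conf_get "$1" Le_CertCreateTime)
  new=$(conf_get "$2" Le_CertCreateTime)
  if [ "$old" != "$new" ] && [ "$(renew_status "$1" "$3")" = "not-due" ]; then
    echo "yes"
  else
    echo "no"
  fi
}

# Stand-alone use: sh check.sh BEFORE.conf AFTER.conf
if [ "$#" -eq 2 ]; then
  echo "issued before due: $(unexpected_issue "$1" "$2" "$(date +%s)")"
fi
```

With the values from the log, the saved next-renew time is 59 days after the creation time, so a creation time that moves forward every night means certificates are being issued outside that schedule.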
Hi, thanks for the info. I tried to use the addon but it didn’t work. This is my configuration:
account: [email protected]
server: zerossl
domains:
- chickenkiller.com
- "*.chickenkiller.com"
certfile: fullchain.pem
keyfile: privkey.pem
dns:
provider: dns_freedns
env:
- FREEDNS_User=xxxx
- FREEDNS_Password=xxxx
- DEBUG=1
But I’m getting this error in the log
[Tue Jan 9 20:15:27 CET 2024] FreeDNS failed to add TXT record for _acme-challenge as FreeDNS requested security code
[Tue Jan 9 20:15:27 CET 2024] Note that you cannot use automatic DNS validation for FreeDNS public domains
[Tue Jan 9 20:15:27 CET 2024] Error add txt for domain:_acme-challenge.chickenkiller.com
[Tue Jan 9 20:15:27 CET 2024] _on_issue_err
[Tue Jan 9 20:15:27 CET 2024] Please add '--debug' or '--log' to check more details.
[Tue Jan 9 20:15:27 CET 2024] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
Any idea?
Thanks!
Check your indentation
keyfile: privkey.pem
dns:
  provider: dns_freedns
  env:
    - FREEDNS_User=
    - FREEDNS_Password=
Hi, it’s ok but I couldn’t put it fine in the editor. In fact, if I change my password, the error is related to the login. Anyway, here is a screenshot. Thanks.
Is your domain on FreeDNS set to public?