Created
August 5, 2020 08:33
Logwatch files to watch Let's Encrypt log files
# /etc/logwatch/conf/logfiles/letsencrypt.conf | |
LogFile = letsencrypt/letsencrypt.log | |
Archive = letsencrypt/letsencrypt.log.*.gz | |
# `ApplyEuroDate` uses a space at the end of the following header... | |
*ApplyStdDate = "%Y-%m-%d %H:%M:%S(,...)?" |
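#!/usr/bin/perl
# /etc/logwatch/scripts/services/logwatch
# NOTE(review): the service config on this page is conf/services/letsencrypt.conf;
# logwatch presumably looks the script up by service name, so the installed
# file name may need to be "letsencrypt" rather than "logwatch" -- confirm.
#
# Logwatch service filter for certbot logs. Reads log lines on STDIN and, for
# every renewal it finds, prints the renewed domains followed by the certbot
# ERROR/EXCEPTION/WARNING lines logged while that renewal was in progress.
use strict;
use warnings;

# True between a "due for renewal" line and the summary line that ends the run.
my $renewal_started = 0;
# One { errors => [...], domains => [...] } record per renewal seen.
my @renewals = ();

while (defined(my $line = <STDIN>)) {
    chomp($line);

    if ($line =~ /Cert is due for renewal, auto-renewing/) {
        push(@renewals, { errors => [], domains => [] });
        $renewal_started = 1;
    }
    next unless $renewal_started;

    # Details always go to the record pushed most recently. A separate counter
    # that is only bumped on the summary line falls out of step with @renewals
    # as soon as two "due for renewal" lines precede a single summary line,
    # and later details then land in the wrong (or an autovivified) record.
    my $renewal = $renewals[-1];

    if ($line =~ /(?:no renewal failures|renew failure\(s\)|parse failure\(s\))/) {
        $renewal_started = 0;
    } elsif ($line =~ /(?:ERROR:certbot|EXCEPTION:certbot|WARNING:certbot)/) {
        push(@{ $renewal->{errors} }, $line);
    } elsif ($line =~ /Writing new config (?<config_tmp_path>.+)/n) {
        my $domain_map_started = 0;

        # Drops the last five characters of the logged path: the '.new' suffix
        # plus one more trailing character (presumably the period that ends
        # certbot's log sentence -- confirm against a real log line).
        my $config_path = substr($+{config_tmp_path}, 0, -5);

        # NOTE(review): $config_path is taken from log text and opened with
        # whatever privileges logwatch runs under (commonly root). Anything
        # able to get a matching line into this log decides which file is read
        # here. Consider rejecting paths outside your certbot renewal
        # directory (default /etc/letsencrypt/renewal -- confirm) before open.
        open(my $config_handle, '<', $config_path)
            or die "Can't open $config_path: $!";
        while (my $config_line = <$config_handle>) {
            chomp($config_line);
            if ($config_line eq '[[webroot_map]]') {
                $domain_map_started = 1;
            } elsif ($domain_map_started and $config_line) {
                # Every non-empty line after the section header is read as
                # "<domain> = <webroot>"; only the domain part is kept.
                my @domain_map_parts = split(' =', $config_line);
                push(@{ $renewal->{domains} }, shift(@domain_map_parts));
            }
        }
        # Report the path on failure; interpolating the handle itself would
        # only print an opaque GLOB(0x...) string.
        close($config_handle) or die "Can't close $config_path: $!";
    }
}

print "Certificates are not yet due for renewal.\n" unless @renewals;

foreach my $renewal (@renewals) {
    print('Renewed domains: ' . join(', ', @{ $renewal->{domains} }) . "\n");
    foreach my $error (@{ $renewal->{errors} }) {
        print("Error while renewing certificates: $error\n");
    }
}

exit(0);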
# /etc/logwatch/conf/services/letsencrypt.conf | |
Title = "Let's Encrypt" | |
LogFile = letsencrypt | |
*RemoveHeaders |
You're welcome!
This can be achieved by appending something like print `certbot certificates`;
and eventually parsing the command output to get it printed nicely like you suggested.
As soon as I have time for this, I will update the Perl script with the tips provided by logwatch's author and with your idea.
Hello,
thank you for the code, works perfect on my raspberry pi :-)
It would be nice if there was a message like "certificate issued on ... - xx days left until renewal".
Best regards,
stefan