A user request from the forum (https://community.letsencrypt.org/t/letsencrypt-log/101556/9):
i) I recommend that EVERY log entry include the name of the certificate to which it pertains, ie that the current “certbot.cli” or “certbot.renewal” (becomes more specific); when possible/applicable. This will enable/ease log post-processing and administrative reporting.
(further)
ii) I recommend the inclusion of a switch in the (/etc/letsencrypt/)cli.ini configuration file to allow administrators to select a logging level, ie to be able to exclude DEBUG communications. This will reduce the volume of log-entries (a somewhat weak justification!), and improve readability for more mature installations. (cli.ini should be installed with the ‘maximum setting’ and alteration be a user-choice and require deliberate (SysAdmin) user-action).
NB recommendation (i) is likely a more appropriate solution (in this scenario) than, but may have the effect of reducing use-cases for the “failure hook” proposal.
I have a similar request. Instead of digging through server logs I would like to only get notified about failures.
Currently I run certbot renew via cron and every run I get a notification via e-mail that no renewals were attempted. Instead I would only like to get a notification as soon as "Congratulations, all renewals succeeded. The following certs have been renewed:" is part of the logging and more importantly if the process failed for some reason (yes this happens once in a while for a number of different reasons.)
Some flags like e.g.
--verbose-on-renewal
--verbose-on-failure
would help a lot.
Currently I just filter the e-mails client side which contain the "No renewals were attempted" message.
We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.
I still believe this will be a very useful feature for operations. Looked at the current docs but did not find an implementation like this.
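An added example, not part of the thread and not Certbot's own code: a cron wrapper that prints nothing on a routine run, so cron sends mail only when certificates were renewed, the run failed, or the output is not recognised. It matches the two messages quoted above; the `--run` guard and the function name are hypothetical, and it assumes `certbot renew` exits non-zero when a renewal fails.

```shell
#!/bin/sh
# Added example: cron mails a job's output only when there is any, so the
# wrapper decides what to print based on certbot's exit code and messages.

# filter_renew_output RC OUTPUT
# Prints a summary line plus OUTPUT when the run deserves a mail,
# prints nothing for a routine "nothing due" run.
filter_renew_output() {
    rc=$1
    output=$2
    if [ "$rc" -ne 0 ]; then
        # Failure always wins, whatever the text says.
        printf 'certbot renew FAILED (exit %s)\n%s\n' "$rc" "$output"
    elif printf '%s\n' "$output" | grep -q 'The following certs have been renewed:'; then
        printf 'certbot renew: certificates renewed\n%s\n' "$output"
    elif printf '%s\n' "$output" | grep -q 'No renewals were attempted'; then
        :   # routine run: stay silent so cron sends nothing
    else
        # Wording can change between versions; report rather than swallow it.
        printf 'certbot renew: unrecognised output\n%s\n' "$output"
    fi
}

# Invoked from cron as: <this script> --run
if [ "${1:-}" = "--run" ]; then
    out=$(certbot renew 2>&1)   # $? below is certbot's exit status
    filter_renew_output "$?" "$out"
fi
```

Output that matches neither message is reported instead of dropped, so a change in Certbot's wording produces extra mail rather than hiding a failure.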