acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Report bugs to SMTP notify #3358

Open medmunds opened 3 years ago

medmunds commented 3 years ago

This is the place to report bugs in the SMTP notify hook.

If you experience a bug with --notify-hook smtp, please report it in this issue. (Please include the --debug output to assist in diagnosing any problems.)

Thanks!

marcoczen commented 3 years ago

Thanks ... Currently using postmarkapp but have wanted to go to my own smtp server ... Will using my own smtp server allow me to get an email when the cert renewal is done via acme.sh --force ? Or only via cron ?

medmunds commented 3 years ago

@marcoczen

Will using my own smtp server allow me to get an email when the cert renewal is done via acme.sh --force ? Or only via cron ?

acme.sh decides when to call notify; it doesn't matter what notify-hook you're using. (So this is out of the control of the smtp notify hook.)

It looks to me like send_notify() is only called when running acme.sh --cron. You might be able to run acme.sh --cron --force (to pretend that you are the cron job, so you get notifications), but I have not tried it.

Since deciding when to send notifications is a core acme.sh feature, not specific to --notify-hook smtp, suggest following up in a separate issue.

StuHare commented 2 years ago

Has the notify function been updated in recent versions?

We were previously getting both SMTP and Teams notifications from the daily cron job, but it now seems the daily 'skipped' jobs are not triggering a notify. Manually triggered test events do appear to notify.

Neilpang commented 2 years ago

@StuHare I don't remember anyone modifying the notify hooks. Please check the notify level and notify mode.

cat ~/.acme.sh/account.conf

StuHare commented 2 years ago

Looks fine Neil no changes to account.conf.

NOTIFY_LEVEL='2'
NOTIFY_HOOK='smtp,teams'

medmunds commented 2 years ago

@StuHare is the cron notification missing in both SMTP and Teams, or is it showing up for Teams but not through SMTP?

If it's not showing up for either, maybe your cron job got deleted? (crontab -l to check.)

If only SMTP is broken, make sure the SAVED_SMTP_BIN executable can still be found on the USER_PATH (both variables from account.conf).

In either case, there may be error output in your system's cron logs. (Where to find those depends on your system.)

And in either case, you might get additional, helpful info by running acme.sh in debug mode from the cron job, and collecting the output somewhere you can find it. crontab -e to edit, and change this line:

MM HH * * * "/PATH/.acme.sh"/acme.sh --cron --home "/PATH/.acme.sh" > /dev/null

to:

MM HH * * * "/PATH/.acme.sh"/acme.sh --cron --home "/PATH/.acme.sh" --debug >> /var/log/acme.log 2>&1

(The PATH and the numbers MM and HH will vary depending on your system.)

After the next cron run, check /var/log/acme.log. (You could also change the MM HH cron schedule if you don't want to wait overnight. Don't forget to change the crontab back when you're done.)

StuHare commented 2 years ago

Neither of the notifications are working.

Cronjob is still there and is running daily as expected.

It shows the skipped renewal message, as the cert renewal is not yet due, and closes as normal.

During the successful deployment and forced renewal of the certificate, the successes have logged ok, just nothing since.

Acme.sh.log is on and set to logging level 2 - everything seems consistent apart from the missing NOTIFY messages at the end of the log.

I'll grab some output.

Odd, because on the previous version of the code I am running on a different server all works fine; that one was built and installed a couple of months ago.

The new server running the agent, was only provisioned using the acme.sh version available on the 23rd July.

Neilpang commented 2 years ago

Can you please show me the log with acme.sh --cron --force --debug 2.

I just tried on one of my servers, the notifications can work for me.

There is nothing changed recently.

StuHare commented 2 years ago

So some further testing carried out. With the force renewal the notifications work. But if the standard cron job returns a skipped status then no notifications are sent.

This is definitely different behaviour than I experience on the other test server. My concern was more that the notifications had stopped altogether, so as long as we get notified for successes and failures, I am OK with the skips being suppressed.

Sanitised output below.

With --force renewal, notifications work:

[Mon Aug  9 09:26:43 UTC 2021] response_status='success'
[Mon Aug  9 09:26:43 UTC 2021] Successfully deployed commit-all
[Mon Aug  9 09:26:43 UTC 2021] Success
[Mon Aug  9 09:26:43 UTC 2021] Return code: 0
[Mon Aug  9 09:26:43 UTC 2021] _error_level='2'
[Mon Aug  9 09:26:43 UTC 2021] _set_level='2'
[Mon Aug  9 09:26:43 UTC 2021] Sending via: smtp
[Mon Aug  9 09:26:43 UTC 2021] Found /acme.sh/notify/smtp.sh for smtp
[Mon Aug  9 09:26:43 UTC 2021] SMTP_BIN='python3'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_FROM='xxxx'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_TO='xxxx'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_HOST='xxxx'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_SECURE='tls'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_PORT='25'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_USERNAME
[Mon Aug  9 09:26:43 UTC 2021] SMTP_PASSWORD='[hidden]'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_TIMEOUT='30'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_SUBJECT='Renew Success'
[Mon Aug  9 09:26:43 UTC 2021] SMTP_CONTENT='Success certs:
[Mon Aug  9 09:26:43 UTC 2021] Python version='Python 3.8.10'
[Mon Aug  9 09:26:45 UTC 2021] smtp Success
[Mon Aug  9 09:26:45 UTC 2021] Sending via: teams
[Mon Aug  9 09:26:45 UTC 2021] Found /acme.sh/notify/teams.sh for teams
[Mon Aug  9 09:26:45 UTC 2021] _statusCode='0'
[Mon Aug  9 09:26:45 UTC 2021] POST
[Mon Aug  9 09:26:45 UTC 2021] _post_url='xxxx'
[Mon Aug  9 09:26:45 UTC 2021] body='{"title": "Renew Success\n","themeColor": "2cbe4e", "text": "Success certs:\n    xxxx.xxxx.xxx\n"}'
[Mon Aug  9 09:26:45 UTC 2021] _postContentType
[Mon Aug  9 09:26:45 UTC 2021] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.k7hr2n7zGZ  -g'
[Mon Aug  9 09:26:46 UTC 2021] _ret='0'
[Mon Aug  9 09:26:46 UTC 2021] teams send success.
[Mon Aug  9 09:26:46 UTC 2021] teams Success
[Mon Aug  9 09:26:46 UTC 2021] ===End cron===

Without --force renewal, when the response is Skip, they do not:

[Mon Aug  9 09:44:05 UTC 2021] Skip, Next renewal time is: Fri Oct  8 09:26:05 UTC 2021
[Mon Aug  9 09:44:05 UTC 2021] Add '--force' to force to renew.
[Mon Aug  9 09:44:05 UTC 2021] Return code: 2
[Mon Aug  9 09:44:05 UTC 2021] Skipped xxxx
[Mon Aug  9 09:44:05 UTC 2021] _error_level='3'
[Mon Aug  9 09:44:05 UTC 2021] _set_level='2'
[Mon Aug  9 09:44:05 UTC 2021] ===End cron===

acme.sh --version
 https://github.com/acmesh-official/acme.sh
 v3.0.0

E.g. the test server produces the following teams alert:

    Renew Success Skipped

    Success certs:
          1.example.com
    Skipped certs:
          2.example.com
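
The two debug excerpts above contain the whole notify decision: a run is notified only when its `_error_level` is not above `_set_level` (which is `NOTIFY_LEVEL`), so a skip (level 3) under `NOTIFY_LEVEL='2'` produces no hook call at all, while the forced renewal (level 2) does. The following script is an added example, not acme.sh's own code: it reads a `--cron --debug` log and reports whether hooks were expected, separating "level too low" from "hooks did not run". The level meanings (1 = error, 2 = renew success, 3 = skip) are taken from acme.sh's `--notify-level` help and are an assumption of this script; the log samples are constructed from the excerpts in this thread.

```shell
#!/bin/sh
# Added example, not acme.sh code: read an acme.sh --cron --debug log and say
# whether notify hooks were expected to fire. Rule applied: a run is notified
# only when _error_level <= _set_level (and _set_level is NOTIFY_LEVEL).
# Level meanings assumed from acme.sh's --notify-level help:
#   1 = error, 2 = renew success, 3 = skip.

# Constructed sample: a daily cron run that skipped renewal.
SKIP_LOG="[Mon Aug  9 09:44:05 UTC 2021] Skip, Next renewal time is: Fri Oct  8 09:26:05 UTC 2021
[Mon Aug  9 09:44:05 UTC 2021] Return code: 2
[Mon Aug  9 09:44:05 UTC 2021] Skipped example.com
[Mon Aug  9 09:44:05 UTC 2021] _error_level='3'
[Mon Aug  9 09:44:05 UTC 2021] _set_level='2'
[Mon Aug  9 09:44:05 UTC 2021] ===End cron==="

# Constructed sample: a forced renewal where both hooks ran.
SUCCESS_LOG="[Mon Aug  9 09:26:43 UTC 2021] Success
[Mon Aug  9 09:26:43 UTC 2021] Return code: 0
[Mon Aug  9 09:26:43 UTC 2021] _error_level='2'
[Mon Aug  9 09:26:43 UTC 2021] _set_level='2'
[Mon Aug  9 09:26:43 UTC 2021] Sending via: smtp
[Mon Aug  9 09:26:45 UTC 2021] smtp Success
[Mon Aug  9 09:26:45 UTC 2021] Sending via: teams
[Mon Aug  9 09:26:46 UTC 2021] teams Success
[Mon Aug  9 09:26:46 UTC 2021] ===End cron==="

# log_level <log> <name>: value of the last "<name>='N'" debug line, or nothing.
log_level() {
  printf '%s\n' "$1" | sed -n "s/^.*] $2='\([0-9]*\)'.*\$/\1/p" | tail -n 1
}

# hooks_fired <log>: how many "Sending via: <hook>" lines the run produced.
hooks_fired() {
  printf '%s\n' "$1" | grep -c '] Sending via: ' || true
}

# level_name <n>: meaning of a notify level (assumed mapping, see header).
level_name() {
  case "$1" in
    1) echo "error" ;;
    2) echo "renew success" ;;
    3) echo "skip" ;;
    *) echo "unknown" ;;
  esac
}

# notify_expected <log>: "sent", "suppressed" (run level above NOTIFY_LEVEL)
# or "no-decision" (no level lines at all, e.g. not a --cron run).
notify_expected() {
  _err=$(log_level "$1" _error_level)
  _set=$(log_level "$1" _set_level)
  if [ -z "$_err" ] || [ -z "$_set" ]; then
    echo "no-decision"
  elif [ "$_err" -gt "$_set" ]; then
    echo "suppressed"
  else
    echo "sent"
  fi
}

# diagnose <log>: one actionable line, so the right setting gets checked
# (NOTIFY_LEVEL when suppressed, NOTIFY_HOOK when allowed but nothing ran).
diagnose() {
  _err=$(log_level "$1" _error_level)
  _set=$(log_level "$1" _set_level)
  case "$(notify_expected "$1")" in
    suppressed)
      echo "suppressed: run level $_err ($(level_name "$_err")) > NOTIFY_LEVEL $_set; use --notify-level $_err to be told about $(level_name "$_err") runs" ;;
    sent)
      if [ "$(hooks_fired "$1")" -gt 0 ]; then
        echo "sent: $(hooks_fired "$1") hook(s) invoked; check each hook's own result line"
      else
        echo "problem: level $_err allowed by NOTIFY_LEVEL $_set but no hook ran; check NOTIFY_HOOK in account.conf"
      fi ;;
    *)
      echo "no-decision: no _error_level/_set_level lines; the notify decision is made at the end of a --cron run" ;;
  esac
}

diagnose "$SKIP_LOG"
diagnose "$SUCCESS_LOG"
```

Run it against a real log with `diagnose "$(cat /var/log/acme.log)"`. On the skip log it reports the level mismatch rather than a broken hook, which matches the behaviour described above: the skips are not lost, they are filtered by `NOTIFY_LEVEL='2'`.
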

dwlfrth commented 1 year ago

Getting this error when "installing" acme.sh using curl https://get.acme.sh | sh -s email=address@domain followed by /root/.acme.sh/acme.sh --set-notify --notify-hook smtp

Running in a docker container using alpine:latest with the bash alpine package.

Can be reproduced using the following command docker run --rm -e SMTP_FROM=alain@example.com alpine:latest sh -c 'apk add curl openssl && curl https://get.acme.sh/ | sh -s email=address@domain && /root/.acme.sh/acme.sh --set-notify --notify-hook smtp'

[Tue Feb 28 23:13:13 UTC 2023] Set notify hook to: smtp
[Tue Feb 28 23:13:13 UTC 2023] Sending via: smtp
expr: warning: '^.*[<>"]': using '^' as the first character of a basic regular expression is not portable; it is ignored
expr: warning: '^.*[<>"]': using '^' as the first character of a basic regular expression is not portable; it is ignored
[Tue Feb 28 23:13:14 UTC 2023] smtp Success

See related PR: https://github.com/acmesh-official/acme.sh/pull/4528

dylansealy commented 3 weeks ago

I'm getting an error when running acme.sh --set-notify --debug --notify-hook smtp. I'm running the latest Docker image with UPGRADE_HASH=0d8a314bcf32c7705f0be11527d34d3b4ce0fa79. The SMTP server is a Docker Mailserver instance on version v13.3.1. I've fixed this problem with adding the flag --crlf to the curl command, but I don't know if this is a viable solution.

[Tue Jun 11 18:56:14 UTC 2024] Lets find script dir.
[Tue Jun 11 18:56:14 UTC 2024] _SCRIPT_='/usr/local/bin/acme.sh'
[Tue Jun 11 18:56:14 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Tue Jun 11 18:56:14 UTC 2024] _script_home='/root/.acme.sh'
[Tue Jun 11 18:56:14 UTC 2024] Using default home:/root/.acme.sh
[Tue Jun 11 18:56:14 UTC 2024] Using config home:/acme.sh
[Tue Jun 11 18:56:14 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
<https://github.com/acmesh-official/acme.sh>
v3.0.8
[Tue Jun 11 18:56:14 UTC 2024] Running cmd: setnotify
[Tue Jun 11 18:56:14 UTC 2024] Using config home:/acme.sh
[Tue Jun 11 18:56:14 UTC 2024] default_acme_server='<https://acme-v02.api.letsencrypt.org/directory>'
[Tue Jun 11 18:56:14 UTC 2024] ACME_DIRECTORY='<https://acme-v02.api.letsencrypt.org/directory>'
[Tue Jun 11 18:56:14 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Tue Jun 11 18:56:15 UTC 2024] _ACME_SERVER_PATH='directory'
[Tue Jun 11 18:56:15 UTC 2024] Set notify hook to: smtp
[Tue Jun 11 18:56:15 UTC 2024] Sending via: smtp
[Tue Jun 11 18:56:15 UTC 2024] Found /root/.acme.sh/notify/smtp.sh for smtp
[Tue Jun 11 18:56:15 UTC 2024] SMTP_BIN='curl'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_FROM='<acme.sh@[domain]>'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_TO='<dylan@[domain]>'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_HOST='mail.[domain]'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_SECURE='ssl'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_PORT='465'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_USERNAME='<docker-services@[domain]>'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_TIMEOUT='30'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_SUBJECT='Hello, this is a notification from acme.sh by fbd760218b96'
[Tue Jun 11 18:56:15 UTC 2024] SMTP_CONTENT='If you receive this message, your notification works.'
[Tue Jun 11 18:56:15 UTC 2024] curl command:='curl'
[Tue Jun 11 18:56:15 UTC 2024] raw_message:\nFrom: <acme.sh@[domain]>
To: <dylan@[domain]>
Subject: Hello, this is a notification from acme.sh by fbd760218b96
Date: Tue, 11 Jun 2024 18:56:15 +0000
Content-Type: text/plain; charset=utf-8
X-Mailer: acme.sh 3.0.8 --notify-hook smtp

If you receive this message, your notification works.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host mail.[domain]:465 was resolved.

* IPv6: [IPv6 address]
* IPv4: [IPv4 address]
* Trying [IPv4 address]:465...
* Connected to mail.[domain] ([IPv4 address]) port 465
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2433 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [110 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* Server certificate:
* subject: CN=[domain]
* start date: Jun  5 20:38:10 2024 GMT
* expire date: Sep  3 20:38:09 2024 GMT
* subjectAltName: host "mail.[domain]" matched cert's "*.[domain]"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
< 220 mail.[domain] ESMTP
} [5 bytes data]

> EHLO fbd760218b96
{ [5 bytes data]
< 250-mail.[domain]
< 250-PIPELINING
< 250-SIZE 10240000
< 250-ETRN
< 250-AUTH PLAIN LOGIN
< 250-AUTH=PLAIN LOGIN
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250-DSN
< 250 CHUNKING
} [5 bytes data]
> AUTH PLAIN
{ [5 bytes data]
< 334
} [5 bytes data]
> [data....]
{ [5 bytes data]
< 235 2.7.0 Authentication successful
} [5 bytes data]
> MAIL FROM:<acme.sh@[domain]>
{ [5 bytes data]
< 250 2.1.0 Ok
} [5 bytes data]
> RCPT TO:<dylan@[domain]>
{ [5 bytes data]
< 250 2.1.5 Ok
} [5 bytes data]
> DATA
{ [5 bytes data]
< 354 End data with <CR><LF>.<CR><LF>
} [5 bytes data]
< 521 5.5.2 mail.[domain] Error: bare <LF> received
100   300    0     0    0   300      0    732 --:--:-- --:--:-- --:--:--   733

* Connection #0 to host mail.[domain] left intact
curl: (8) Weird server reply
[Tue Jun 11 18:56:15 UTC 2024] Error sending message with curl.
[Tue Jun 11 18:56:15 UTC 2024] Error send message by smtp_send
[Tue Jun 11 18:56:15 UTC 2024] Set /root/.acme.sh/notify/smtp.sh error.
[Tue Jun 11 18:56:15 UTC 2024] Can not set notify hook to: smtp

medmunds commented 3 weeks ago

Most SMTP servers are OK with just LF, but the spec does require CRLF, so this is a real bug.

I've fixed this problem with adding the flag --crlf to the curl command, but I don't know if this is a viable solution.

I don't know how to tell if --crlf is supported by all versions of curl that acme.sh supports. If so, this seems like the best solution. It looks like curl 7.40.0 added smtp crlf support. @Neilpang is curl 7.40.0 considered safe for acme.sh use?

If not, another option would be adding sed -e 's/$/\r/' in the line that calls curl. (But I also can't remember if sed is safe for acme.sh.)
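
The `521 5.5.2 bare <LF> received` reply in the trace above is the server enforcing the CRLF requirement at the `DATA` stage. As an added example, not code from acme.sh or its smtp hook, the script below implements the sed fallback discussed here in a portable form and adds the check a practitioner wants before debugging against a strict server: count the lines that still end in a bare LF. It assumes nothing about curl; with `curl --crlf` (curl 7.40.0 or newer, per the discussion above) the conversion happens inside curl instead and the LF message can be handed over unchanged. The sample message is constructed.

```shell
#!/bin/sh
# Added example, not acme.sh or its smtp hook's code: normalise an SMTP message
# to CRLF line endings and verify no bare LF remains before it is sent.
# This is the sed fallback from the discussion; curl's --crlf does the same
# conversion inside curl (assumed: curl 7.40.0 or newer).

# Constructed sample message, LF-terminated like acme.sh's raw_message.
SAMPLE_MESSAGE="From: <acme.sh@example.com>
To: <ops@example.com>
Subject: Hello, this is a notification from acme.sh
Content-Type: text/plain; charset=utf-8

If you receive this message, your notification works."

# A literal CR built with printf: BusyBox and BSD sed do not reliably expand
# '\r' inside an expression, so the GNU form s/$/\r/ is not portable.
CR=$(printf '\r')

# to_crlf: stdin -> stdout with every line ending in CR LF. An existing CR is
# stripped first, so applying it twice never produces CR CR LF.
to_crlf() {
  sed -e "s/${CR}\$//" -e "s/\$/${CR}/"
}

# crlf_message <text>: the message as SMTP DATA expects it.
crlf_message() {
  printf '%s\n' "$1" | to_crlf
}

# bare_lf_count <text>: lines terminated by LF without a preceding CR.
# 0 means a server that rejects bare <LF> will accept the line endings.
bare_lf_count() {
  printf '%s\n' "$1" | grep -c -v "${CR}\$" || true
}

# cr_count <text>: total CR characters, used to show the conversion is idempotent.
cr_count() {
  printf '%s\n' "$1" | tr -cd '\r' | wc -c | tr -d ' '
}

# Dry run: counts before and after conversion (nothing is sent anywhere).
printf 'bare LF lines before: %s\n' "$(bare_lf_count "$SAMPLE_MESSAGE")"
fixed=$(crlf_message "$SAMPLE_MESSAGE")
printf 'bare LF lines after:  %s\n' "$(bare_lf_count "$fixed")"
```

Piping the hook's `raw_message` through `to_crlf` before it reaches curl gives the same on-the-wire result as `--crlf`; the `bare_lf_count` check is the quick way to confirm, from a `--debug` capture, that a `521 5.5.2` rejection really is a line-ending problem and not something else in the message.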