Open Vad1mo opened 6 years ago
It seems like this is causing even multiple renews on a single day, which is interesting because the default check interval is 24 hours.
/etc/resty-auto-ssl/storage/file/
(or var/lib/certs
for you?) should contain an expiry
-key. Can you check this timestamp against the actual expiry date of the certificate, also contained in the file or as displayed by your browser?info
log level you configured for you error log should provide logs on any renewals. You wrote that there are no suspicious entries, but are there any at all? Can you correlate the log entries of individual domains to timestamps from the transparency logs?Sorry for the delayed initial response, but I hope that we're able to clear this up.
I am monitoring the issued certificates with https://developers.facebook.com/docs/certificate-transparency/
Recently I see that certs are reissues almost every day. However there aren't any suspicious log entries nor exceptions. This happens also to other domains of mine as well.
This is an excerpt for one domain of the last days.
Here is my config. The only difference to default is that I point to
resolver 127.0.0.11 valid=120s ipv6=off;
This also allows me to resolve Container names via domain name. However it works also for externalsnginx.conf