Open alystair opened 1 year ago
Thanks, I've definitely not seen that before. Have you restarted the service since turning off telemetry? The reason I ask is that, the way our app is designed, it will just have a null telemetry object, so it won't even be able to access telemetry at all if it's disabled at startup.
Is outgoing https disabled via your firewall? The behavior obviously suggests it's trying to do something and failing. If the problem persists please also append the contents of C:\ProgramData\Certify\appsettings.json
You're absolutely correct, after restarting the service I'm now only seeing the thread creation/exit :)
{
  "SettingsSchemaVersion": 1,
  "CheckForUpdatesAtStartup": true,
  "EnableAppTelematics": false,
  "IgnoreStoppedSites": true,
  "EnableValidationProxyAPI": true,
  "EnableEFS": false,
  "EnableDNSValidationChecks": false,
  "RenewalIntervalDays": 30,
  "RenewalIntervalMode": "DaysAfterLastRenewal",
  "MaxRenewalRequests": 0,
  "EnableHttpChallengeServer": true,
  "LegacySettingsUpgraded": true,
  "IsInstanceRegistered": false,
  "InstanceId": "9a61df16-5cae-46e2-871c-56469e165934",
  "Language": null,
  "EnableCertificateCleanup": true,
  "EnableStatusReporting": true,
  "CertificateCleanupMode": 1,
  "DefaultCertificateAuthority": "letsencrypt.org",
  "CertificateAuthorityFallback": null,
  "DefaultKeyCredentials": null,
  "EnableAutomaticCAFailover": false,
  "IncludeExternalPlugins": false,
  "FeatureFlags": null,
  "NtpServer": "pool.ntp.org",
  "DefaultCertificateStore": null,
  "EnableExternalCertManagers": true
}
I think the most efficient way would be to use the native Windows scheduler and only activate the service around expiry dates? This way ~80mb RAM is also freed up :)
Thanks, we definitely still need to look at this issue as there is probably more we can do.
We want to try to trim the service down a little. We support a bunch of features that in turn have dependencies which are loaded at runtime (some due to .NET reflection as part of plugin loads), so we do want to get the service smaller. The UI does need the service in order to operate, as the UI itself does not do any of the real work.
If you're looking for a particularly lightweight option then you could consider Posh-ACME (PowerShell), win-acme or even certbot. Certify The Web does quite a lot more than some people need.
As a little bit of background to our service-based approach, some users are actively managing up to 18,000 certs on a single server, so the service is frequently checking for work to do. However, it does that hourly, so I still need to check what else is creating this thread every 10 mins. I suspect it's our log files being flushed periodically.
Thanks, I'll look into Posh-ACME for my use case.
It's actually every few seconds, not every 10 minutes. Hope this helps :)
Context: Trying out tooling for a single domain, telemetry is turned off... and UI is totally closed.
I noticed the service.exe is never idling - wasting many cycles. The service is constantly creating/terminating a thread and attempting to access 'ApplicationInsightsDiagnostics.json' which as far as I can see doesn't exist.
This can be observed using procmon / procexp tools from Sysinternals, a set of Microsoft tools.
It's harder to justify using this SSL manager if it's wasting resources.