Renewal job never getting fired due to process exit #143

Open
domharrington opened this issue Jun 11, 2018 · 7 comments
@domharrington

Hey!

So we recently had a problem where our certs weren't getting regenerated. The reason for this was that our openresty processes were never up for the default 24hrs timeout (due to #136), so the renewal job was never firing. I can reduce the renewal_interval to something smaller, but I have to pluck a number out of the sky to estimate our average process uptime, which I'm not sure of right now.

Can we maybe do one of the following:

  • accept a renew_check_time option, which you give a time format like hh:mm e.g. "00:00" will always perform the renewal at midnight
  • persist to storage the last time a successful renewal occurred. On startup, check if that is further away from the current time than the renew_check_interval? Then trigger the renewal if it is?

I think in the meantime I'm going to attempt to have another server running, whose sole purpose is to stay up! It's going to be out of the load balancer, so I'm hoping that without traffic it should be able to stay up for 24hrs. I'm going to monitor it to see.

Happy to attempt to write a PR for the above feature, if you like the sound of either of them as potential improvements.
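
The second option above (persist the last successful renewal time and compare it at startup), as an added example that is not part of the original post and not lua-resty-auto-ssl code. It is a plain-Lua simulation; the `store` table, the function names and the 6-hour process uptime are assumptions, and it compares a timer that restarts from zero on every process start with one seeded from the persisted timestamp.

```lua
-- Added illustration; not lua-resty-auto-ssl code. All names are hypothetical.
local INTERVAL = 24 * 60 * 60  -- renewal check interval: the 24 hr default from the issue
local UPTIME   = 6 * 60 * 60   -- constructed: every process exits after 6 hours

-- Delay before the first check after startup, derived from the persisted
-- timestamp instead of always waiting a full interval.
local function initial_delay(store, now, interval)
  local last = store.last_renewal_check
  if not last then return 0 end             -- job has never run: check now
  local elapsed = now - last
  if elapsed < 0 then return 0 end           -- clock moved backwards: do not wait
  if elapsed >= interval then return 0 end   -- overdue: check now
  return interval - elapsed                  -- wait out the remainder only
end

-- Run the job and record the time only when it succeeded, so a failed
-- renewal is retried on the next start rather than postponed by a day.
local function run_check(store, now, job)
  local ok = pcall(job)
  if ok then store.last_renewal_check = now end
  return ok
end

-- Simulate `days` of restarts every UPTIME seconds and count how often the
-- renewal job fires. `store` stands in for storage that survives restarts.
local function simulate(days, persist)
  local fired, store = 0, {}
  for start = 0, days * 86400 - 1, UPTIME do
    -- Without persistence the timer restarts from zero on each process start.
    local delay = persist and initial_delay(store, start, INTERVAL) or INTERVAL
    if delay < UPTIME then  -- the timer only fires if the process is still alive
      if run_check(store, start + delay, function() end) then
        fired = fired + 1
      end
    end
  end
  return fired
end

print("in-memory timer, 3 days of restarts:", simulate(3, false))
print("persisted timestamp, 3 days of restarts:", simulate(3, true))
```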

@luto
Collaborator

luto commented Jun 11, 2018

Thanks for your report and the investigation! We're probably also hitting this, although I did not find the time to properly check it out yet. To me the 2nd option sounds better. Glad to hear that you want to submit a PR for this! Let me know if you need any help.

What do you think, @GUI?

@domharrington
Author

Also it would be really helpful if we could expose the renewal job as a shell script somehow, so we can manually kick off the job should it ever be required. That way we could also just set up a cron job to call the renewal every 24 hours. Do you think that would be simple enough to do?

@brianlund
Contributor

> Also it would be really helpful if we could expose the renewal job as a shell script somehow, so we can manually kick off the job should it ever be required. That way we could also just set up a cron job to call the renewal every 24 hours. Do you think that would be simple enough to do?

That would be really useful. For now I'm running a separate instance without traffic that only runs the renewal job (without a delay) soon after it starts.

@nabeel-khan

@brianlund could you please share your manual renewal code? We are facing an issue with renewal and would like to see what we are missing.

Thanks.

@domharrington
Author

Similarly to @brianlund, we have an instance running which has no traffic going to it, so the renewal job always runs. This is a good enough solution for us right now.

@brianlund
Contributor

Yeah that is pretty much all we do, no custom code.

@nergdron

We just ran into this as part of updating our auto-ssl configs for acmev2. Has there been any headway on sorting this out in the last couple years? 😅
