Certificate expiration warning is not sent

Boyan_Mihaylov · 21 June 2017 11:19

Hello,

I have created a subscription for Certificate expiry events -> Certificate expiry 20-day warning, any project, any environment. I have a certificate expiring in 7 days, but I haven’t received any e-mail about that. I checked that Tasks history and I can’t see anything related to that. I receive e-mails about machines with health issues though. What could be the issue?

Best,
Boyan

Michael_Richardson · 22 June 2017 06:00

Hi Boyan,

Has the certificate been archived? Is so, the expiry events won’t be raised.

If this is not the case then we’ll certainly dig further.

Regards,
Michael

Boyan_Mihaylov · 22 June 2017 07:19

Hi Michael,

I see. I actually have the certificate twice (due to issues in the first releases of Octopus) - one is archived and one is active. I have now removed the archived one, but I’m thinking if the logic should be changed to check active certificates first?

Best,
Boyan

Michael_Richardson · 23 June 2017 02:17

Hmm…

Octopus should see those as different certificates. If the non-archived certificate is due for an expiry warning, then it should be generated regardless of any archived certificates. Octopus doesn’t care if they actually contain the same cert.

If you have access to your Octopus SQL database, could you run the following query:

SELECT *
  FROM [dbo].[Certificate]
  WHERE [Archived] IS NULL AND [NotAfter] <= DATEADD(DAY, 20, SYSDATETIMEOFFSET())

Does that return the certificate you are interested in?

If so, does the following query (you will have to substitute your certificate ID from above into the query) return any results:

SELECT * 
  FROM [dbo].[Event]
  WHERE ([Id] IN (SELECT er.EventId FROM EventRelatedDocument er WHERE er.RelatedDocumentId = '{{Certificate Id From Earlier Results}}')) 
	AND ([Category] IN ('CertificateExpiryFirstWarning', 'CertificateExpirySecondWarning', 'CertificateExpired'))

The certificate expiry check should run every 4 hours (and 30 seconds after startup).

If you check your Octopus Server log file, can you see any errors within the last 8 hours or so?

Boyan_Mihaylov · 23 June 2017 12:43

It is a bit difficult to do it now, as I had to replace the certificate due to the expiration date.

I imported the old one again and your queries run fine - I got results for each of them. The logs on the server don’t seem to have any errors.

Let’s close this one for now and hope it works fine