Octopus certificate Subscription

Hi,

I’ve setup an Octopus test subscription to notify when certificates expire. We have one certificate that is out of date by 4 months and I was expecting to get an email regarding this as per the frequency I’ve setup. However, I’m not getting any emails. How does this work? Do the emails only get sent once when the certificate is in breach of the event i.e. just when it expires. I’m just looking for reassurance that these emails will work when we roll this out for production.

Thanks,

Chris

Hi Chris

Thanks for reaching out!

You certainly should be getting an email in this situation. As you surmised, the email only gets sent once, when the certificate is detected as expired.

To give you a run through of how it works under the hood:

  • 10 minutes after the server starts up, it looks through all certificates, and checks for expired ones. If it finds one, and there has never been a ‘certificate expired’ event logged for that certificate, it will log a new event. If the certificate has not expired, it will check if its eligible for the 10 or 20 day warning, and if so log events for those. It will repeat this check every 4 hours.
  • Every 30 seconds, the server checks each subscription to see if any new events have been logged that match that subscription - in your case, it will be looking for ‘certificate expired’ events. If it finds a new one, it triggers the subscription and sends an email.

In your case, I suspect that the certificate expired event was logged before you set up the subscription, and therefore was not included. You can confirm this by checking the audit log, and filtering for ‘certificate expired’ events.
You can then compare this against the event created when the subscription was created (it will be a ‘document created’ event), and check to see if this theory pans out.

Hope this helps - let me know how it goes.

Regards,
Matt

Thanks for that. I think that’s the problem that I created the subscription after the event had fired.