Hello,
I would like to configure an alert for certificates provisioned by Certificate Manager which are expired and close to expiry.
I followed this documentation and tried the suggested alert query in Cloud Logging:
logName = "projects/PROJECT_ID/logs/certificatemanager.googleapis.com%2Fcertificates_expiry" AND jsonPayload.state = "EXPIRED"
I also created 2 log-based metrics with that query, for jsonPayload.state = "EXPIRED" and jsonPayload.state = "CLOSE_TO_EXPIRY". I replaced PROJECT_ID with the ID of my project.
I did a test with a certificate and let it expire, but I can't see any logs related to that (close to expiry or expired); I only have logs for the creation of the certificate. I am surprised because, as mentioned in the documentation: "Certificate Manager logging is always enabled and only captures a minimal amount of information specifically related to certificate expiration."
Here are my two certificates:
And the queries (without results):
Thank you in advance!
Hi @sosonetwork,
Welcome to the Google Cloud Community!
Can you try removing the syntax below from your query, just to verify if there are actually no logs?
AND jsonPayload.state = "EXPIRED"
AND jsonPayload.state = "CLOSE_TO_EXPIRY"
Since this is a configuration-based alert, it will only work if the Certificate Manager logs in Cloud Logging indicate that a certificate is close to expiration or has expired. You might want to create an issue in Google Cloud's public issue tracker regarding this matter.
Thank you.