This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

SSL Certificate Renewal Notification

Posted on 01-25-2023 03:59 AM
peter-weller
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hello,

We are using External LB with managed SSL certificates and reading the documentation, I understand that these get renewed every 90 days automatically - google-managed-certs-renewal 

Does anyone know, if this is logged in GCP, if so what can I search for or is there a way to get notified of an upcoming renewal?

Thank you. 

Solved Solved
0 4 1,866
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
peter-weller
Bronze 2
Bronze 2
In response to VishalBulbule
Reply posted on --/--/---- --:-- AM

Hi @VishalBulbule 

Thank you for the reply, the link is very useful and is what I'm looking for.

I have ran the example query in Log Explore (including changing the project id) however I'm not seeing any results. 

I have tried running just:

logName = "projects/<<ProjectID>>/logs/certificatemanager.googleapis.com"

Without any success, do you know if anything needs to be enabled on the service to ensure logging is active?

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
VishalBulbule
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

@peter-weller 

You can create log based alert in Monitoring using below log pattern

 

logName = "projects/PROJECT_ID/logs/certificatemanager.googleapis.com%2Fcertificates_expiry" AND jsonPayload.state = "CLOSE_TO_EXPIRY"

 Please find complete documentation

https://cloud.google.com/certificate-manager/docs/logs-metrics

Jump to Solution

Posted on --/--/---- --:-- AM
peter-weller
Bronze 2
Bronze 2
In response to VishalBulbule
Reply posted on --/--/---- --:-- AM

Hi @VishalBulbule 

Thank you for the reply, the link is very useful and is what I'm looking for.

I have ran the example query in Log Explore (including changing the project id) however I'm not seeing any results. 

I have tried running just:

logName = "projects/<<ProjectID>>/logs/certificatemanager.googleapis.com"

Without any success, do you know if anything needs to be enabled on the service to ensure logging is active?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
VishalBulbule
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

@peter-weller 

do you have any expiring certs available in project?

What I can see in docs is that loggong is always enabled by default for certificates but it produces very minimal logs. Unfortunately I do not have any certificates currently to validate in my project else I would try to analyze and help you.

VishalBulbule_0-1674666421795.png

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
peter-weller
Bronze 2
Bronze 2
In response to VishalBulbule
Reply posted on --/--/---- --:-- AM

Thank you @VishalBulbule for the additional information.  I did have an issue with a certificate last month and I'm struggling to find anything in the logs.

I will continue to investigate but thank you for your help.

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all