Hello,

>> In case machines are off while the script performs his weekly check (no
>> 24/7er) the next check will be made one/two week(s) later which might be a
>> long time if you do not know where the problem is.
>> I would do make there possibly a daily check and would also set the UPDATE to
>> a week or 5 days instead of the current 2 before expiration date so more days
>> can be grabbed even the check should be a fast one.
> 
> Cron will take care of this. It will automatically perform the cron jobs a
> little while after the system has been booted and when the cron jobs should have
> been executed while it was shut down.
> 
> https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/cron/crontab;h=4561f4a2
> 43239b8b5bd3525c067dc6a70395489c;hb=HEAD#l13
> 
> It's the "bootrun" argument there.

Thanks for clarification haven´t had that in mind. Will deliver the updater then to 'frcon.weekly'. Will also set the update before expiration interval to 10 days before, 8 might be also OK for a weekly cronjob but possibly better to have 2 days + ?!

>> if successful:
>> Feb  3 17:56:41 ipfire-server crl_updater[18998]: Using configuration from
>> /var/ipfire/ovpn/openssl/ovpn.cnf
>> 
>> which equals to the OpenSSL command output ( 2>&1 | logger ). 
> 
> Do we need to log the output of OpenSSL? A line that says something like "Could
> not update the OpenVPN CA CRL" should do, shouldn't it? People should run the
> script themselves then and see what is going wrong.

No i don´t think so, lines in messages looks even better then. Did that now like you suggested.

>> Otherwise all other quested changes has been made and are ready so far, might
>> be nice to push the remaining CGI changes soon i think :-) .
> 
> Cool.
> 
> Let me know if I can be of any more help.

Great thanks for your offer and your help. If there is no veto for the above changes i will deliver the patch today in the evening.

Have also fetched the actual openssl-11 branch with all needed changes, thanks for keeping this up to date :-) .

All the best,

Erik