Hello Michael, some thoughts concerning two requested points:
+# Convert seconds to days +NEXTUPDATE="$((EXPIRINGDATEINSEC / DAYINSEC))"; +# Update of the CRL in days before CRL expiring date +UPDATE="2";
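Review bot: UPDATE="2" at the end of the hunk leaves only a two-day window before the CRL expires, which a host that is switched off for a few days misses entirely; a larger value, or one read from configuration, leaves margin. The division in NEXTUPDATE="$((EXPIRINGDATEINSEC / DAYINSEC))" is integer division and truncates, so anything under a full day becomes 0. The comment "Convert seconds to days" does not say whether EXPIRINGDATEINSEC is the absolute expiry time or the time remaining; state that, and make sure the later comparison against UPDATE still triggers on 0 and negative results. The trailing semicolons are not needed.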
I think we should update every 14 days if the usual expiry time is 30. Therefore we will never get too close by accident.
So I would then need an fcrontab entry and another location for the script, since the fcron directories provide only daily, weekly and monthly. Another possibility might be a weekly check, so we can use the fcron directories?
In case machines are off while the script performs its weekly check (no 24/7 machine), the next check will be made one or two weeks later, which might be a long time if you do not know where the problem is. I would possibly make it a daily check there and would also set UPDATE to a week or 5 days instead of the current 2 before the expiration date, so more days can be grabbed, even though the check should be a fast one.
Should we catch any errors of the openssl command?
OK, I would then maybe use a '2>&1 | logger -i -t openvpn' instead, so we get the OpenSSL command output in messages if the CRL has been renewed.
I have two possibilities here.
1) in error case: Feb 3 17:56:03 ipfire-server crl_updater[18986]: /etc/fcron.daily/ovpn_crl_updater.sh: line 56: /usr/bin/opensl: No such file or directory
if successful: Feb 3 17:56:41 ipfire-server crl_updater[18998]: Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
which equals the OpenSSL command output ( 2>&1 | logger ).
or 2)
in error case: Feb 2 19:02:34 ipfire-server openvpn: /etc/fcron.daily/ovpn_crl_updater.sh - CRL update failed
if successful: Feb 2 19:03:19 ipfire-server openvpn: /etc/fcron.daily/ovpn_crl_updater.sh - CRL has been updated
An if/else query echoes a defined message, so a search string like failed or updated can also be logged?
Otherwise, all other requested changes have been made and are ready so far; it might be nice to push the remaining CGI changes soon, I think :-).
Greetings,
Erik
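
The two logging options discussed above can be combined, shown here as an added example that is not part of this message and not the IPFire script: the command output is captured and logged, and the fixed "updated"/"failed" message is chosen from the command's own exit status. The function names, the CRL_FILE placeholder, the default threshold of 14 days and the use of GNU date are assumptions.

```bash
#!/bin/bash
# Added example, not the IPFire script. CRL_FILE is a placeholder the caller
# must supply (assumption); CONF is the config path from the log line above.
CONF="/var/ipfire/ovpn/openssl/ovpn.cnf"
DAYINSEC=86400

# Whole days from now ($2, epoch seconds) to the "nextUpdate=..." line ($1)
# printed by `openssl crl -noout -nextupdate`. Needs GNU date for -d.
days_until() {
    local expiry
    [ -n "$1" ] || return 2
    expiry=$(date -u -d "${1#nextUpdate=}" +%s) || return 2
    echo $(( (expiry - $2) / DAYINSEC ))
}

# True when $1 days are left and that is within the $2-day threshold, or when
# $1 is empty or not a number (CRL unreadable), so a broken CRL gets renewed.
needs_renewal() {
    case "$1" in ''|*[!0-9-]*) return 0 ;; esac
    [ "$1" -le "$2" ]
}

log() { logger -i -t openvpn "$0 - $*" 2>/dev/null || echo "$0 - $*" >&2; }

# Run a command, log what it printed, then log a fixed, searchable verdict.
# The returned status is the command's own; in `cmd 2>&1 | logger` the
# pipeline status would be logger's and a failure would go unnoticed.
run_and_log() {
    local out rc
    out=$("$@" 2>&1) && rc=0 || rc=$?
    if [ -n "$out" ]; then log "$out"; fi
    if [ "$rc" -eq 0 ]; then log "CRL has been updated"; else log "CRL update failed"; fi
    return "$rc"
}

# Runs only when a CRL path is given, e.g. from a daily fcron job:
#   CRL_FILE=/path/to/crl.pem UPDATE=14 ./this_script
if [ -n "${CRL_FILE:-}" ]; then
    line=$(openssl crl -in "$CRL_FILE" -noout -nextupdate 2>/dev/null) || line=""
    left=$(days_until "$line" "$(date +%s)" 2>/dev/null) || left=""
    if needs_renewal "$left" "${UPDATE:-14}"; then
        run_and_log openssl ca -gencrl -config "$CONF" -out "$CRL_FILE" || exit 1
    fi
fi
```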