SSL Certificate Renewal Notification

Hello,

We are using External LB with managed SSL certificates and reading the documentation, I understand that these get renewed every 90 days automatically - google-managed-certs-renewal

Does anyone know if this is logged in GCP and, if so, what I can search for, or is there a way to get notified of an upcoming renewal?

Thank you.

@peter-weller

You can create a log-based alert in Monitoring using the log pattern below:

logName = "projects/PROJECT_ID/logs/certificatemanager.googleapis.com%2Fcertificates_expiry" AND jsonPayload.state = "CLOSE_TO_EXPIRY"

Please find the complete documentation here:

https://cloud.google.com/certificate-manager/docs/logs-metrics

1 Like

Hi @VishalBulbule

Thank you for the reply, the link is very useful and is what I’m looking for.

I have run the example query in Logs Explorer (including changing the project ID); however, I’m not seeing any results.

I have tried running just:

logName = "projects/<<ProjectID>>/logs/certificatemanager.googleapis.com"

Without any success. Do you know if anything needs to be enabled on the service to ensure logging is active?

@peter-weller

Do you have any expiring certs available in the project?

What I can see in the docs is that logging is always enabled by default for certificates, but it produces very minimal logs. Unfortunately, I do not have any certificates currently to validate in my project; otherwise I would try to analyze and help you.

Thank you @VishalBulbule for the additional information. I did have an issue with a certificate last month and I’m struggling to find anything in the logs.

I will continue to investigate but thank you for your help.
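
One way to set up the log-based alert suggested in the thread and to check whether any Certificate Manager log entries exist at all, as an added example that is not part of the original posts. The project ID and notification channel are placeholders passed as arguments; the display names, the 3600s rate limit and the `policy.json` file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Usage: ./cert-expiry-alert.sh apply PROJECT_ID CHANNEL_RESOURCE_NAME
set -eu

# The log ID is percent-encoded inside logName: "/" becomes "%2F".
LOG_ID='certificatemanager.googleapis.com%2Fcertificates_expiry'

# Filter from the answer above, with the project ID substituted in.
expiry_filter() {
  printf 'logName = "projects/%s/logs/%s" AND jsonPayload.state = "CLOSE_TO_EXPIRY"' "$1" "$LOG_ID"
}

# Troubleshooting filter: "=" needs the full log name including the %2F suffix,
# while ":" is a substring match and finds any Certificate Manager log.
any_certmanager_filter() {
  printf 'logName:"projects/%s/logs/certificatemanager.googleapis.com"' "$1"
}

# Alert policy with a log-match condition. $1 = project ID, $2 = channel name.
alert_policy_json() {
  ap_filter=$(expiry_filter "$1" | sed 's/"/\\"/g')   # escape quotes for JSON
  cat <<EOF
{
  "displayName": "Certificate close to expiry",
  "combiner": "OR",
  "conditions": [{
    "displayName": "certificates_expiry: CLOSE_TO_EXPIRY",
    "conditionMatchedLog": { "filter": "$ap_filter" }
  }],
  "alertStrategy": { "notificationRateLimit": { "period": "3600s" } },
  "notificationChannels": ["$2"]
}
EOF
}

if [ "${1:-}" = "apply" ]; then
  project=${2:?project ID required}
  channel=${3:?notification channel resource name required}
  # gcloud logging read only looks back 1 day by default; widen the window.
  gcloud logging read "$(any_certmanager_filter "$project")" \
    --project="$project" --freshness=30d --limit=5
  alert_policy_json "$project" "$channel" > policy.json
  gcloud alpha monitoring policies create --project="$project" \
    --policy-from-file=policy.json
fi
```

Running the script without `apply` only defines the functions, so the generated filter and policy can be inspected before anything is created.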