Thank you Nick for this. I spent an hour trying to figure this out before I chanced upon this note. I completely forgot (or didn't realize) that the check mark on a completely other setup screen (WAN) had this Automatic DNS checkbox.
I think that there should be a note on the IP Settings > Network about the Temporary DNS vs Automatic and where to find it. Can I log an improvement suggestion somewhere?
As of two days ago, I started to get the following message via anacron.
I am running the Content Filter and Proxy in tranparent mode on Community 7.x
I have Reset the Cache on the Proxy and will see if that restarts/finds whatever is missing.
Am I missing something else?
Thank you all for your help.
I thought I should give you an update.
Given some of the posts here and found through Google, I decided to try to rule out the replacement Access Point. I exchanged the new with the old Access Point to see if that might fix things.
As of the past 4 days, I've only had 1 changed ethernet connection and 1 flip flop. So I'm leaning towards the Access Point being the culprit.
I've contacted the Access Point supplier to see if by chance the box is sending out DHCP connections even when it is supposed to be turned off.
Will report back as I learn more.
Thank you Nick. Appreciate your help as always!
Is there a way to find what the "your_LAN_interface" is being used from the command?
Before I mess with the command, I should know what "your_LAN_interface" is being executed in the default state.
As I have 2 network segments perhaps I need to add the second segment using the -n option?? Maybe the default is our wired segment but not the wifi segment?
In the man for arpwatch. It says:
I would like to keep arpwatch sending info when it really should and if I turn of the emails then I won't get something when I really should look at it. So I'd really like to continue to try to figure out why this is happening.
Over the past week, I've started getting a lot of emails from arpwatch. I'm not sure how to figure out what has changed that this is now happening.
Typically I'm getting the following messages but also a few "changed ethernet address". The "changed ethernet" are not very often though.
Interestingly enough this is only happening with an replacement wifi router in assess mode, one Macbook, an iMac and 3 iphones. They are all using the WIFI network segment to connect. But we have other devices (Android, Chromecast) using WIFI on our network and they aren't having this problem. There are no issues on the wired segment of the network.
The access point has the same settings as the one it replaced. It had no problems like this before. I'm not 100% sure if this started happening after the replacement router was installed or if it started when arpwatch was updated in the 7.5 upgrade. The earliest arpwatch emails are from May 15th.
I've done a bunch of Googling and can't find anything relevant to my network or situation that might cause this. I am wondering if the Access Point is running a DHCP server despite it being disabled but I don't know how to check.
I would appreciate any suggestions on how to debug as the 20+ emails per day from arpwatch are getting very tedious.
Thanks in advance.
Nick Howitt wrote:
A renewal check takes place every night. Have a look in /var/log/letsencrypt/. Actual renewals are attempted nightly from 30 days to expiry. If you have set up any test/dummy certificates then deleted them, I believe you will still get renewal e-mails from Let's Encrypt and you have to ignore them. You can see the expiry dates of any current manager in the Webconfig let's Encrypt landing page.
The log says no renewal necessary.
2019-03-14 04:15:09,863EBUG:certbot.main:certbot version: 0.31.0
2019-03-14 04:15:09,863EBUG:certbot.main:Arguments: ['--standalone', '--preferred-challenges', 'http-01']
2019-03-14 04:15:09,863EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-03-14 04:15:12,621EBUG:certbot.log:Root logging level set at 20
2019-03-14 04:15:12,621:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-03-14 04:15:12,667EBUG:certbot.plugins.selection:Requested authenticator standalone and installer <certbot.cli._Default object at 0x7f30652e1310>
2019-03-14 04:15:12,667EBUG:certbot.cli:Var pref_challs=http-01 (set by user).
2019-03-14 04:15:12,668EBUG:certbot.cli:Var authenticator=standalone (set by user).
2019-03-14 04:15:12,679:INFO:certbot.renewal:Cert not yet due for renewal
2019-03-14 04:15:12,679EBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2019-03-14 04:15:12,683EBUG:certbot.cli:Var pref_challs=http-01 (set by user).
2019-03-14 04:15:12,683EBUG:certbot.cli:Var authenticator=standalone (set by user).
2019-03-14 04:15:12,702:INFO:certbot.renewal:Cert not yet due for renewal
2019-03-14 04:15:12,703EBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2019-03-14 04:15:12,703EBUG:certbot.renewal:no renewal failures
Strange that I got an email for a renewal but the log says no renewal necessary. I went back 3 days (covers off when the renewl email came in) but no notice of actual renewal happening. <confused>
Nick Howitt wrote:
It looks like the community version went to certbot 0.31 in the last few days anyway. I don't know when the Business version will follow.
I noticed that too.
BTW, today I got the reminder from Let's Encrypt.
Your certificate (or certificates) for the names listed below will expire in 19 days (on 02 Apr 19 16:00 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.
Do you have an idea when the renewal is to take place? I can't find an option in the GUI and haven't looked at the config files yet. But now it's on my list of things to check.
Nick Howitt wrote:
One of my certificates renewed successfully last night. Have yours renewed OK yet?
sorry for the long delay in answering. I did a full reinstall and created new certificates and they haven't gotten around to renew so far. I think it will be OK. I'll let you know when it updates.
I added the HTTP-01 line.
Since I'm now using the Let's Encrypt application, how do you restart it to take into account the new config file?
I can't find a service that is enabled for Let's Encrypt ... but that could be due to a PEBCAK. :-)