I know I am likely to be told to get lost because this isn't an LE problem, but...
I just noticed this in my logs today:
Dec 26 01:50:01 alice systemd[1]: Starting Service for snap application certbot.renew...
Dec 26 01:53:58 alice systemd[1]: snap.certbot.renew.service: Main process exited, code=exited, status=1/FAILURE
Dec 26 01:53:58 alice systemd[1]: snap.certbot.renew.service: Failed with result 'exit-code'.
If I do snap list, I see:
Name Version Rev Tracking Publisher Notes
certbot 1.32.2 2618 latest/stable certbot-eff✓ classic
core20 20221123 1738 latest/stable canonical✓ base
snapd 2.57.6 17883 latest/stable canonical✓ snapd
but I also see:
# dpkg --list | grep certbot
rc certbot 0.27.0-1~ubuntu18.04.2 all automatically configure HTTPS using Let's Encrypt
ii python3-certbot 0.27.0-1~ubuntu18.04.2 all main library for certbot
# certbot --version
certbot 1.32.2
Is the error in the log to do with the fact that I've still got the apt package installed? Should I remove the apt packages? I see it's "marked for removal".
Nah, we also help people with their ACME client setup, no problem.
Can't say from the limited info we currently have, but it's not recommended to have multiple Certbot packages installed to begin with, whether it's causing an error or not.
Yes, you should.
With regard to the Snap Certbot renewal error: there should be more info in the Certbot log file at /var/log/letsencrypt/letsencrypt.log.
Ah, thanks. OK I'll see if I can remove those packages... Oh what?
$ sudo apt remove certbot python3-certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'certbot' is not installed, so not removed
The following packages will be REMOVED
python3-certbot
0 to upgrade, 0 to newly install, 1 to remove and 0 not to upgrade.
After this operation, 1,215 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
Meanwhile:
I have very little clue what I'm looking at (or even for) in that log - mostly seems to be stuff about lines of python - but nothing seems to relate to that error.
Look for a log file in the folder that matches the time shown in the syslog in your first post. Older logs have a different name with a number appended.
Then copy that to a .txt file and use the upload button in this forum post to upload it. Or copy/paste the whole thing here if upload is not viable.
Oh, if I do this, I get some errors about domains. Would they prevent the service from starting? Or is that not what it means? I think the owners of the domains in question have let them die/expire.
~$ systemctl status snap.certbot.renew.service
● snap.certbot.renew.service - Service for snap application certbot.renew
Loaded: loaded (/etc/systemd/system/snap.certbot.renew.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-12-27 15:21:06 GMT; 34min ago
Process: 10501 ExecStart=/usr/bin/snap run --timer=00:00~24:00/2 certbot.renew (code=exited, status=1/FAILURE)
Main PID: 10501 (code=exited, status=1/FAILURE)
Dec 27 15:14:00 alice systemd[1]: Starting Service for snap application certbot.renew...
Dec 27 15:20:52 alice certbot.renew[10501]: Failed to renew certificate www.hashnext.com with error: Some challenges have failed.
Dec 27 15:21:04 alice certbot.renew[10501]: Failed to renew certificate www.spekeugandaholidays.com with error: Some challenges have failed.
Dec 27 15:21:05 alice certbot.renew[10501]: All renewals failed. The following certificates could not be renewed:
Dec 27 15:21:05 alice certbot.renew[10501]: /etc/letsencrypt/live/www.hashnext.com/fullchain.pem (failure)
Dec 27 15:21:05 alice certbot.renew[10501]: /etc/letsencrypt/live/www.spekeugandaholidays.com/fullchain.pem (failure)
Dec 27 15:21:05 alice certbot.renew[10501]: 2 renew failure(s), 0 parse failure(s)
Dec 27 15:21:06 alice systemd[1]: snap.certbot.renew.service: Main process exited, code=exited, status=1/FAILURE
Dec 27 15:21:06 alice systemd[1]: snap.certbot.renew.service: Failed with result 'exit-code'.
Dec 27 15:21:06 alice systemd[1]: Failed to start Service for snap application certbot.renew.
EDIT: If I do a certbot renew --dry-run all domains are fine apart from those two. So now I don't know if this is a real problem or not...
EDIT 2: And I've also found this in syslog. This doesn't look good either!
Dec 27 11:47:02 alice systemd[26976]: snap.certbot.certbot.5c9f9163-8540-4e0a-b6da-acab49f702bd.scope: Failed to add PIDs to scope's control group: Permission denied
Dec 27 11:47:02 alice systemd[26976]: snap.certbot.certbot.5c9f9163-8540-4e0a-b6da-acab49f702bd.scope: Failed with result 'resources'.
Dec 27 11:47:02 alice systemd[26976]: Failed to start snap.certbot.certbot.5c9f9163-8540-4e0a-b6da-acab49f702bd.scope.
Maybe unnecessary, but actually step 6 in the Certbot instructions on certbot.eff.org
I don't know which path has precedence, but I'm guessing /usr/bin. So it's probably a good idea to have the symlink present there pointing to snap, just in case there's a rogue Certbot installed somewhere else, e.g. installed using pip so no other package manager tracks it.
With regard to the failing renewal service: I don't know how the snap renewal service should end if there are failing renewals. It's probably functioning as it should: if Certbot's renewal fails due to some problematic renewal, it makes sense that the renewal service fails too?
Most of the certificates don't need renewing for about 30-40 days.
But what I can't work out is whether the certbot renewal service will run OK to renew them automatically. It has in the past, so maybe the errors I'm seeing in the logs have always been there - I've only just noticed them. But how do I tell if this is a "real" error or not?
Looking at the log file, I think everything is working fine. The renewal process starts up, fails to renew those two certificates, and exits with a non-zero exit code.
I think (hopefully) it is just a cosmetic issue which shouldn't affect Certbot. There's some more information in this comment about the error message. I think that is relevant to you, since you are on Ubuntu 18.04 which has systemd 237.
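Added example, not part of the thread and not Certbot's own tooling: a small shell check that reads a certbot.renew journal excerpt and reports whether the `status=1/FAILURE` is explained by named certificates failing to renew, which is the distinction the last replies draw. The sample log is constructed in the format shown above with placeholder hostnames and domains; the function names are hypothetical.

```shell
#!/bin/sh
# Real input would come from: journalctl -u snap.certbot.renew.service
# Constructed sample in the thread's log format (placeholder host and domains).
sample_journal() {
cat <<'EOF'
Dec 27 15:14:00 host systemd[1]: Starting Service for snap application certbot.renew...
Dec 27 15:20:52 host certbot.renew[10501]: Failed to renew certificate www.example.com with error: Some challenges have failed.
Dec 27 15:21:04 host certbot.renew[10501]: Failed to renew certificate www.example.org with error: Some challenges have failed.
Dec 27 15:21:05 host certbot.renew[10501]: 2 renew failure(s), 0 parse failure(s)
Dec 27 15:21:06 host systemd[1]: snap.certbot.renew.service: Main process exited, code=exited, status=1/FAILURE
EOF
}

# Print each certificate name that failed to renew, one per line.
failed_certs() {
  sed -n 's/.*Failed to renew certificate \([^ ]*\) with error:.*/\1/p' | sort -u
}

# Classify a journal excerpt read from stdin:
#   renewal-failures:N  named certificates failed, which explains the exit code
#   unexplained         the unit failed with no per-certificate failure line,
#                       so /var/log/letsencrypt/letsencrypt.log needs reading
#   ok                  no failure recorded
classify_run() (
  log=$(cat)
  n=$(printf '%s\n' "$log" | failed_certs | awk 'NF { c++ } END { print c + 0 }')
  if [ "$n" -gt 0 ]; then
    echo "renewal-failures:$n"
  elif printf '%s\n' "$log" | grep -q 'status=1/FAILURE'; then
    echo "unexplained"
  else
    echo "ok"
  fi
)

# Stand-alone run on the constructed sample.
sample_journal | failed_certs
sample_journal | classify_run
```

A `renewal-failures` result that names only domains no longer pointing at the server matches the situation in this thread; `unexplained` is the case that warrants a closer look.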