What happens with?:
certbot renew
I must be crossing my wires...
Are you still on version 1.21.0?
Can you switch to the latest version via snap
?
I did it with dry option as they were generated half an hour ago (you can check from browser as I did to be sure).
$ certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/thevegcat.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for thevegcat.com and 3 more domains
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/thevegcat.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
It can't be old version because I did apt remove certbot
before installing new version. Then tried to run it and it was command not found. After all that I installed new version using snap and when I run:
$ certbot --version
I get latest version: certbot 2.5.0
.
But when I was doing uninstall of old version, my bad is that I didn't remove cron job or whatever it is - I'm not an expert for that part of Ubuntu or any -ix.
And this:
$ cat /etc/letsencrypt/renewal/thevegcat.com.conf
# renew_before_expiry = 30 days
version = 2.5.0
archive_dir = /etc/letsencrypt/archive/thevegcat.com
cert = /etc/letsencrypt/live/thevegcat.com/cert.pem
privkey = /etc/letsencrypt/live/thevegcat.com/privkey.pem
chain = /etc/letsencrypt/live/thevegcat.com/chain.pem
fullchain = /etc/letsencrypt/live/thevegcat.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = f04ffc4b75519f50de6c52eb0a3ad4fd
authenticator = nginx
server = https://acme-v02.api.letsencrypt.org/directory
installer = nginx
key_type = ecdsa
Is there any regular way to get this timer in working state?
More info:
$ locate certbot.timer -w
/etc/systemd/system/certbot.timer
/etc/systemd/system/timers.target.wants/certbot.timer
/var/lib/systemd/deb-systemd-helper-enabled/certbot.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/certbot.timer
/var/lib/systemd/deb-systemd-helper-masked/certbot.timer
/var/lib/systemd/timers/stamp-certbot.timer
$ ls /var/lib/systemd/deb-systemd-helper-masked -al
total 8
drwxr-xr-x 2 root root 4096 May 1 21:07 .
drwxr-xr-x 11 root root 4096 Aug 3 2022 ..
-rw-r--r-- 1 root root 0 May 1 21:07 certbot.timer
-rw-r--r-- 1 root root 0 Aug 3 2022 sudo.service
$ ls /etc/systemd/system/timers.target.wants/cert* -al
lrwxrwxrwx 1 root root 33 Dec 12 2021 /etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer
$ ls /etc/systemd/system/cert* -al
lrwxrwxrwx 1 root root 9 May 1 21:07 /etc/systemd/system/certbot.timer -> /dev/null
Problems with the timer don't occur very often. I won't have time for several hours to study this. Maybe someone like @_az will have good insight later
the only thing I would like to see is the result of this
systemctl list-timers
What shows?:
systemctl status snap.certbot.renew.timer
Ok, stupid me. The timer below is a new one. And the timer below which is dead should be the old one, right?
$ systemctl status snap.certbot.renew.timer
● snap.certbot.renew.timer - Timer renew for snap application certbot.renew
Loaded: loaded (/etc/systemd/system/snap.certbot.renew.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Mon 2023-05-01 21:06:32 UTC; 20h ago
Trigger: Tue 2023-05-02 18:08:00 UTC; 47min left
Triggers: ● snap.certbot.renew.service
May 01 21:06:32 ubuntu-8gb-nbg1-1 systemd[1]: Started Timer renew for snap application certbot.renew.
$ systemctl list-unit-files | grep cert
snap-certbot-2913.mount enabled enabled
snap.certbot.renew.service static -
certbot.timer masked enabled
snap.certbot.renew.timer enabled enabled
EDIT: Now I just removed file (symlink to be more correct) certbot.timer
from /etc/systemd/system
and when I run again systemctl list-unit-files | grep cert
- it disappeared.
Of course, I wouldn't ever ask someone to spend that amount of time especially because I can remove everything about Certbot and install from scratch in less time.
Thank you for your time and effort! If you look my previous comment - I guess I was looking at wrong timer.
Yes, you see now the two timers. Yes, you can delete the non-snap one. Glad it's sorted.
I wasn't going to spend a couple hours researching. I just wanted to suggest using list-timers
while I was away for that long
Ok, everything is fixed now and I want to thank you all for your great help which was fast and detailed and helpful! <3
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.