Another instance of Certbot is already running

rg305 · May 1, 2023, 9:41pm

What happens with?:
certbot renew

rg305 · May 1, 2023, 9:44pm

I must be crossing my wires...
Are you still on version 1.21.0?

Can you switch to the latest version via snap?

H-Lo · May 1, 2023, 9:48pm

I did it with dry option as they were generated half an hour ago (you can check from browser as I did to be sure).

$ certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/thevegcat.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for thevegcat.com and 3 more domains

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/thevegcat.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

H-Lo · May 1, 2023, 9:51pm

It can't be old version because I did apt remove certbot before installing new version. Then tried to run it and it was command not found. After all that I installed new version using snap and when I run:
$ certbot --version
I get latest version: certbot 2.5.0.

But when I was doing uninstall of old version, my bad is that I didn't remove cron job or whatever it is - I'm not an expert for that part of Ubuntu or any -ix.

H-Lo · May 1, 2023, 10:02pm

And this:

$ cat /etc/letsencrypt/renewal/thevegcat.com.conf

# renew_before_expiry = 30 days
version = 2.5.0
archive_dir = /etc/letsencrypt/archive/thevegcat.com
cert = /etc/letsencrypt/live/thevegcat.com/cert.pem
privkey = /etc/letsencrypt/live/thevegcat.com/privkey.pem
chain = /etc/letsencrypt/live/thevegcat.com/chain.pem
fullchain = /etc/letsencrypt/live/thevegcat.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = f04ffc4b75519f50de6c52eb0a3ad4fd
authenticator = nginx
server = https://acme-v02.api.letsencrypt.org/directory
installer = nginx
key_type = ecdsa

H-Lo · May 1, 2023, 10:46pm

Is there any regular way to get this timer in working state?

More info:

$ locate certbot.timer -w

/etc/systemd/system/certbot.timer
/etc/systemd/system/timers.target.wants/certbot.timer
/var/lib/systemd/deb-systemd-helper-enabled/certbot.timer.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/certbot.timer
/var/lib/systemd/deb-systemd-helper-masked/certbot.timer
/var/lib/systemd/timers/stamp-certbot.timer

$ ls /var/lib/systemd/deb-systemd-helper-masked -al

total 8
drwxr-xr-x  2 root root 4096 May  1 21:07 .
drwxr-xr-x 11 root root 4096 Aug  3  2022 ..
-rw-r--r--  1 root root    0 May  1 21:07 certbot.timer
-rw-r--r--  1 root root    0 Aug  3  2022 sudo.service


$ ls /etc/systemd/system/timers.target.wants/cert* -al

lrwxrwxrwx 1 root root 33 Dec 12  2021 /etc/systemd/system/timers.target.wants/certbot.timer -> /lib/systemd/system/certbot.timer


$ ls /etc/systemd/system/cert* -al

lrwxrwxrwx 1 root root 9 May  1 21:07 /etc/systemd/system/certbot.timer -> /dev/null

MikeMcQ · May 1, 2023, 10:53pm

Problems with the timer don't occur very often. I won't have time for several hours to study this. Maybe someone like @_az will have good insight later

the only thing I would like to see is the result of this

systemctl list-timers

rg305 · May 1, 2023, 11:24pm

What shows?:
systemctl status snap.certbot.renew.timer

H-Lo · May 2, 2023, 5:22pm

Ok, stupid me. The timer below is a new one. And the timer below which is dead should be the old one, right?

$ systemctl status snap.certbot.renew.timer

● snap.certbot.renew.timer - Timer renew for snap application certbot.renew
     Loaded: loaded (/etc/systemd/system/snap.certbot.renew.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2023-05-01 21:06:32 UTC; 20h ago
    Trigger: Tue 2023-05-02 18:08:00 UTC; 47min left
   Triggers: ● snap.certbot.renew.service

May 01 21:06:32 ubuntu-8gb-nbg1-1 systemd[1]: Started Timer renew for snap application certbot.renew.


$ systemctl list-unit-files | grep cert

snap-certbot-2913.mount                    enabled         enabled
snap.certbot.renew.service                 static          -
certbot.timer                              masked          enabled
snap.certbot.renew.timer                   enabled         enabled

EDIT: Now I just removed file (symlink to be more correct) certbot.timer from /etc/systemd/system and when I run again systemctl list-unit-files | grep cert - it disappeared.

H-Lo · May 2, 2023, 5:24pm

Of course, I wouldn't ever ask someone to spend that amount of time especially because I can remove everything about Certbot and install from scratch in less time.

Thank you for your time and effort! If you look my previous comment - I guess I was looking at wrong timer.

MikeMcQ · May 2, 2023, 5:31pm

Yes, you see now the two timers. Yes, you can delete the non-snap one. Glad it's sorted.

I wasn't going to spend a couple hours researching. I just wanted to suggest using list-timers while I was away for that long

H-Lo · May 2, 2023, 5:33pm

Ok, everything is fixed now and I want to thank you all for your great help which was fast and detailed and helpful! <3

system · June 1, 2023, 5:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.