Auto renew issue


#1

Hi,

I am running Let’s Encrypt on an Ubuntu server. I followed step 4 in this guide to setup auto renewal via Cron. - https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

However the renewal fails and shows this in the log file:

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/homepage.domain.co.uk/fullchain.pem (failure)

If I run /opt/letsencrypt/letsencrypt-auto renew in the CLI the renewal works just fine.

Does anyone have any thoughts please?

Thanks


#2

Hello,

I have a look into this more, The error show is below. However we have the DNS setup correctly. For outside we can get onto the sites.

I do see its connecting via HTTP, but Apache is setup to redirect http to https. could this be breaking it?

Thanks

Domain: site.co.uk
Type: connection
Detail: Could not connect to
http://site.co.uk/.well-known/acme-challenge/ljcRVA9-UkhovZomA1eQR5_ratZ46M-1iY5ojRBhHS8

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.


#3

If you add a file ( such as “test” with plain acsii text “success” in it ) to {webroot}/.well-known/acme-challenge/test can you reach it in a general browser from the internet ( not one specifically whitelisted ) at site.co.uk/.well-known/acme-challenge/test ?


#4

Hello,

I have done that, when i go to https://www.site.co.uk/.well-known/acme-challenge/test.txt I can see the contents.

Thanks


#5

Is that your real domain name ? if so I can’t reach the file. If it isn’t - can you provide your real domain name for us to test please.


#6

Its not the real domain name.

falingepark.com is one of the real domain names.

Thanks


#7

Thanks.

Can you place a test file in {webroot}/.well-known/acme-challenge on that account please ( at the moment I get redirected to https, then redirected to www. but then I get a 404, file not found)


#8

Can you see this?

https://www.falingepark.com/.well-known/acme-challenge/test.txt

Thanks


#9

yes - testworks

(sorry, was trying test not test.txt before )


#10

going back to your original post, there seem to be 2 things, which may or not be connected.

Initially, you say that it works when run on the command line, and fails when run as a cron. This strikes me as either a permissions of path / environment variable issue.

Your second post is about the DNS issue … there was a DNS issue yesterday at the letsencrypt side. Was this just a temporary issue whilst you were testing ? and possibly no longer an issue ?


#11

I was testing this just an hour ago and had the same issue.

Thanks


#12

I am having the same issue.

Running this command

/opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log 

From a cron job give me the same error as ZFWT is seeing, However if I run the same command from a terminal it works fine.

I also checked on the lets encrypt log file located in /var/log/letsencrypt
Here is the full log file
https://dl.dropboxusercontent.com/u/1754769/letsencryptError.log

Here is a section that I thought was interesting.
2016-07-03 06:00:05,860:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2016-07-03 06:00:05,878:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2016-07-03 06:00:05,940:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache):
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 105, in prepare
self._initialized.prepare()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 161, in prepare
raise errors.NoInstallationError
NoInstallationError

So from what I gather for some reason it thinks Apache isn’t installed when the cron job runs.

The cron job is running as root, so it shouldn’t be any permission issues.


#13

I have the same issue. When run from cron it fails. When run from the command line, it renews without error.


#14

Does this help - https://github.com/certbot/certbot/issues/1833


#15

Hi,

Did anyone manage to fix this please?

Thanks


#16

this is fixed in the Debian packages as of 0.8.1-2.

What is your setup and what is the exact issue you are seeing ? and have you tried correcting the PATH.


#17

I have just had to run this manually as the certificate is close the expiring and I now get the errors all the time :frowning:


#18

Ok, so no longer just happening when run as a cron for you. From the original post you say “If I run /opt/letsencrypt/letsencrypt-auto renew in the CLI the renewal works just fine.”

Can you ensure you are using the latest version of certbot, with verbose mode, and paste the log please ( it may be easier to paste it in pastebin.com )


#19

Hi,

I have just run the command manually again and it has worked and renewed all my certificates. Must have been a glitch?

But it still didn’t work as a Cron job.

Thanks


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.