Auto-renewal debugging, any official guide?

bitinn · December 14, 2016, 11:43am

I can’t believe I still have problems configuring crontab after using VPS for 10+ years, but here is my current problem:

In /var/log/syslog

Dec 14 04:00:01 s2 CRON[25877]: (root) CMD (/home/myuser/cert/certbot-auto renew --post-hook "service nginx reload" > /dev/null)
Dec 14 04:00:03 s2 CRON[25876]: (CRON) info (No MTA installed, discarding output)

And no log for this cron job in /var/log/letsencrypt/ folder.

My certificate isn’t updated automatically. I have to do manual update (does work).

A few troubleshooting:

My cron service is running.
Manually running command works (using my username account with sudo right).
Manual run doesn’t produce error and does log in /var/log/letsencrypt/.
I am using crontab -u root -e to setup my cron jobs.
certbot --version is 0.9.3.
my root account doesn’t have a password, ie. sudo passwd -dl root.

So, should I somehow run cron job using my own account or should I configure root cron job differently to troubleshoot my problem?

MitchellK · December 14, 2016, 12:13pm

Why don’t you try doing it my way.

Create a bash script in /bin called /bin/certbotrenew.sh as follows

#!/bin/bash
cd /opt/certbot
sudo ./certbot-auto renew >> /var/log/certbot-renew.log
sudo service nginx reload
mail -s "CERTBOT Renewals" youremail@wherever.com < /var/log/certbot-renew.log
exit 0

make the script executable

sudo chmod +x /bin/certbotrenew.sh

Then go

sudo crontab -e

and add this line

00 20 * * 1 /bin/certbotrenew.sh

This mails you the log file every Monday when it runs so you can quickly spot any errors in the log file, renewals processed etc.

Works 100% for me never missed a single renewal yet.

serverco · December 14, 2016, 2:21pm

Since there is an error of;

There is no Mail Transport Agent installed on the server ( or at least none that the system can find) - hence the bash script with "mail' in it is equally as likely to fail.

You could either install an MTA ( so you get emailed the output) or you can pipe the info into a log ( either on the cron line, or as in the bash that MitchellK suggested).

My guess is that there is a PATH difference between your cron and when running the command on the prompt, hence your cron isn't working correctly.

system · January 13, 2017, 2:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.