Autorenew in crontab

I’m just now getting one of my webservers moved over from TLS1.0. When I manually run sudo certbot renew, all seems well.

So then I went and added this to crontab, but am getting a bunch of errors:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2229, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2235, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
  File "/usr/lib/python3/dist-packages/cryptography/x509/__init__.py", line 9, in <module>
    from cryptography.x509.base import (
  File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 16, in <module>
    from cryptography.x509.extensions import Extension, ExtensionType
  File "/usr/lib/python3/dist-packages/cryptography/x509/extensions.py", line 18, in <module>
    from cryptography.hazmat.primitives import constant_time, serialization
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 9, in <module>
    from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named '_cffi_backend'

I thought this might be an issue with the environment variables, but I put the certbot steps in a shell script and added a full path line before it, but got the same error.

I’m running certbot version 0.28.0 on Ubuntu, with Apache2.

I assume this might have something to do with my python versions, but I’m not really sure how to unwind that… Any advice? Thanks!

Hi,

What command are you executing on the server? (And in crontab?)

Could you please provide more information on your environment?

What’s your python version?
What’s your Ubuntu version?
What’s the Apache version?

Have you tried to update certbot?

Thank you

On the command line, I simply run “sudo certbot renew”

In the sudo crontab -e, I have tried a variety of things, but entering “certbot renew” gives the same results as the few other things I’ve tried.

I have a number of python versions. Python2.7 is the default:

$ python --version
Python 2.7.12
$ python3 --version
Python 3.6.3

Running ubuntu 16.04:

Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 2.6.32-042stab127.2 x86_64)

Apache2:

$ apache2 -version
Server version: Apache/2.4.18 (Ubuntu)
Server built:   2017-09-18T15:09:02

Certbot is on version 0.28.0

$ certbot --version
certbot 0.28.0

I just noticed if I " sudo su" then run certbot renew on the command line, I’m getting the same errors as via crontab.

And do you still remember what source / command did you use to install certbot?

Thank you

I don’t remember, but I just did (as sudo su):
pip uninstall cryptography
pip uninstall paramiko
pip install paramiko

Now when I run certbot renew as root, it seems to be working and my test cronjob just emailed me saying nothing was due for renewal, so I think that must have been it. I swear I tried that previously, but I probably did it as my user, not as root.

Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.