Can't Renew Certificates With Dehydraded

smokie · November 12, 2020, 2:39pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: reportscores.com

I ran this command: /usr/bin/dehydrated -c

It produced this output:

INFO: Using main config file /etc/dehydrated/config

INFO: Running /usr/bin/dehydrated as alien/wheel

INFO: Using main config file /etc/dehydrated/config

ERROR: Lock file '/etc/dehydrated/var/Lock' present, aborting.

My web server is (include version): Apache 2.4.7

The operating system my web server runs on is (include version):

Slackware

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): dehydrated

JuergenAuer · November 12, 2020, 3:00pm

Hi @smokie

two things are possible:

there is another running dehydrated, that blocks -> wait
the last run crashed, so that file isn't deleted. Make a backup of that file, delete it. Then try it again. Or rename the file, then try it again.

rg305 · November 12, 2020, 4:35pm

Perhaps the automated script is waiting for input (like when run in a manual mode).

smokie · November 13, 2020, 5:30am

etc/dehydrated/var/Lock is a directory that is empty.

As I understand it, dehydrated is not a service or deamon, it is executed occasionally with cron so I don't understand why it is locked.

smokie · November 13, 2020, 5:48am

Can I use a different client to renew Certs even though I obtained then with dehydrated?

rg305 · November 13, 2020, 5:52am

If you use a different client, it will most likely know nothing about the dehydrated certs.
You may be able to get new ones with another client.

As for the "Lock", as I read the error message, the mere presence of the Lock (be it file or folder) signals dehydrated to abort.
Try removing the directory.
But first check that there are no hidden files within it:
ls -la /etc/dehydrated/var/Lock

JuergenAuer · November 13, 2020, 9:04am

Then it's a signaling directory, that's the same.

File / directory exists -> one dehydrated is running -> other dehydrated are stopped.

Then remove the directory.

Or select another client.

system · December 13, 2020, 9:04am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.