Cerbot doesn't automatically renew ssl after 90 days


#1

Hello all of you.
I’m having trouble: Cerbot doesn’t automatically renew ssl after 90 days
I am using the operating system: Centos 6
I am using webserver: nginx (LEMP)
And follow the instructions in this link: https://certbot.eff.org/lets-encrypt/centos6-nginx

However, sites that are not automatically renewed, I have to manually renew. Please help me! Thanks


#2

Did you create a cronjob for certbot-auto?

In /var/log/letsencrypt/, do you see any log files from when Certbot attempted renewal but failed? Can you post one of those log files?


#3

Let me find the log file and send you :slight_smile:


#4

This is the latest log:

2019-01-21 00:19:18,469:DEBUG:certbot.main:certbot version: 0.30.0
2019-01-21 00:19:18,469:DEBUG:certbot.main:Arguments:
2019-01-21 00:19:18,470:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-01-21 00:19:18,493:DEBUG:certbot.log:Root logging level set at 20
2019-01-21 00:19:18,494:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-01-21 00:19:18,561:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fb91e0007f0> and installer <certbot.cli._Default object at 0x7fb91e0007f0>
2019-01-21 00:19:18,606:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-01-11 16:53:12 UTC.
2019-01-21 00:19:18,606:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2019-01-21 00:19:18,606:INFO:certbot.renewal:Non-interactive renewal: random delay of 377 seconds
2019-01-21 00:25:35,707:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2019-01-21 00:25:35,713:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/plugins/disco.py”, line 132, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot_nginx/configurator.py”, line 145, in prepare
"Could not find a usable ‘nginx’ binary. Ensure nginx exists, "
certbot.errors.NoInstallationError: Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
2019-01-21 00:25:35,716:DEBUG:certbot.plugins.selection:No candidate plugin
2019-01-21 00:25:35,716:DEBUG:certbot.plugins.selection:No candidate plugin
2019-01-21 00:25:35,716:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2019-01-21 00:25:35,716:INFO:certbot.main:Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(“Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.”,)
2019-01-21 00:25:35,717:WARNING:certbot.renewal:Attempting to renew cert (vietnamesetyping.com) from /etc/letsencrypt/renewal/vietnamesetyping.com.conf produced an unexpected error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(“Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.”,). Skipping.
2019-01-21 00:25:35,721:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/renewal.py”, line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 1186, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, “certonly”)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/plugins/selection.py”, line 237, in choose_configurator_plugins
diagnose_configurator_problem(“authenticator”, req_auth, plugins)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/plugins/selection.py”, line 341, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(“Could not find a usable ‘nginx’ binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.”,)


#5

Great. So here’s the crux of the issue:

On most Linux systems, the nginx binary would be located on the $PATH when Certbot runs. What’s this show?

command -v nginx

Can you show us how you setup the the cronjob? This may affect how the $PATH is populated when the cron task actually runs.


#6

One thing in your environment that could cause this issue is a couple of lines in /etc/crontab that usually look something like:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

If your nginx binary is not located in one of the directories specified in that PATH= line, then Certbot would fail in the way from your log file.

So the remedy would be to add the directory where the nginx binary is located, to that line.


#7

My crontab command is:
0 0,12 * * * python -c ‘import random; import time; time.sleep(random.random() * 3600)’ && /path/to/certbot-auto renew

Inside: /path/to/certbot-auto is root/cerbot/certbot-auto


#8

This is confusing/unclear to me…
Does calling this command directly work (or even do anything)?:
/path/to/certbot-auto renew

Or does it only work with?:
/root/cerbot/certbot-auto renew


#9

Make sure your /etc/crontab’s PATH= line contains the directory in which your nginx binary is located.