Certbot cron renewal not working with proxy

I’ve recently had to install a forward proxy on the machine that certbot is running on, but I can’t seem to get certbot to use it.

There are some posts here which imply my approach should work. But the posts are a bit old so I don’t know if certbot has changed in that time.

I don’t know whether the envars are case-sensitive so I’ve tried both, and also put them into /etc/environment.

My domain is: www.hatters.org.uk

I ran this command (in /etc/cron.d/certbot):

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

http_proxy=http://localhost:8888/
https_proxy=http://localhost:8888/
HTTP_PROXY=http://localhost:8888/
HTTPS_PROXY=http://localhost:8888/

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew -i apache -a apache

It produced this output:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 284, in connect
    conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 150, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f886d61f978>: Failed to establish a new connection: [Errno 111] Connection refused

My web server is (include version):

Apache 2.4.29

The operating system my web server runs on is (include version):

Ubuntu 18.04.3

My hosting provider, if applicable, is:

Jump Networks Ltd

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m not using a control panel

The version of my client:

0.31.0


You’re using systemd, so the cron job is ignored.

See if you can set the environment variables with the systemd service.


Ah, yes! The cron command is the default that comes with certbot on Ubuntu so I hadn’t thought about that.

Now I need to work out how to give envars to systemd… :frowning:


Hi @gilgongo,

This doc should show you how to use env vars in systemd. I use something similar on one of my boxes. https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html


Hm. I’ve tried giving systemd the proxy env but it’s still not working. Perhaps I’ve got another problem. I’ll create a separate ticket.

Try this. I had a similar issue with a proxy server and firewall.

This is how I got it working. I added an export line in front of the certbot renew command. My system is CentOS 7. The following is the line in my cron job.

0 0 * * 0 export HTTPS_PROXY=http://yourproxy:port && /usr/bin/certbot renew

You can add > /tmp/somelogfile at the end of the line to get the screen output saved.

Hope this works for you.

Thanks - I tried something similar but it turns out the certbot package for Ubuntu uses a systemd timer and not cron. The crontab that ships with the package doesn’t do anything, and activating it may in fact cause problems. Why that is, I don’t know. But in the end I solved the proxy issue by setting the envvar in the certbot systemd unit file.
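The fix the thread arrives at, as an added example that is not code from any of the posters: a systemd drop-in that gives the packaged unit the proxy variable, plus the cron guard that explains why the cron.d settings never applied. The unit name certbot.service and the drop-in file name proxy.conf are assumptions; the proxy URL is the one from the first post.

```shell
#!/bin/sh
# Added example. Assumed names: certbot.service (unit), proxy.conf (drop-in).
UNIT=certbot.service
DROPIN_DIR=/etc/systemd/system/$UNIT.d

# Same test as the guard in /etc/cron.d/certbot: the cron job only proceeds
# when certbot is executable AND the systemd runtime directory is absent.
cron_job_runs() {   # $1 = certbot path, $2 = systemd runtime dir
    test -x "$1" -a ! -d "$2"
}

# Print the drop-in for a proxy URL. URLs carrying user:pass@ are refused:
# a drop-in written with the default umask and `systemctl show` output are
# both readable by any local user, so credentials belong in a root-only
# file referenced with EnvironmentFile= instead.
render_dropin() {
    case $1 in
        *@*) echo "proxy URL contains credentials; use EnvironmentFile=" >&2
             return 1 ;;
        http://*|https://*) ;;
        *)   echo "not an http(s) proxy URL: $1" >&2
             return 1 ;;
    esac
    # The ACME endpoint is HTTPS, so HTTPS_PROXY is the variable that matters.
    printf '[Service]\nEnvironment="HTTPS_PROXY=%s"\n' "$1"
}

install_dropin() {  # run as root
    conf=$(render_dropin "$1") || return 1
    mkdir -p "$DROPIN_DIR" &&
    printf '%s\n' "$conf" > "$DROPIN_DIR/proxy.conf" &&
    systemctl daemon-reload &&
    # Confirm the variable is now attached to the unit the timer starts.
    systemctl show "$UNIT" -p Environment
}

if [ "${1:-}" = "--install" ]; then
    if cron_job_runs /usr/bin/certbot /run/systemd/system; then
        echo "cron job is active on this host; systemd drop-in may not apply" >&2
    fi
    install_dropin "${2:-http://localhost:8888/}"
fi
```

Run it as root with `--install` and optionally a proxy URL; without arguments it only defines the functions.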
