When I manually renew my certificates with this command:
$ certbot renew
it works too.
However, the automatic renewal does not work. In the syslog, I get this:
Jul 9 15:00:21 dev systemd[1]: Starting Certbot...
Jul 9 15:00:23 dev certbot[21649]: Renewal configuration file /etc/letsencrypt/renewal/dev.newbanking.com.conf (cert: dev.newbanking.com) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.
Jul 9 15:00:23 dev certbot[21649]: 0 renew failure(s), 1 parse failure(s)
Jul 9 15:00:23 dev systemd[1]: certbot.service: Main process exited, code=exited, status=1/FAILURE
Jul 9 15:00:23 dev systemd[1]: Failed to start Certbot.
Jul 9 15:00:23 dev systemd[1]: certbot.service: Unit entered failed state.
Jul 9 15:00:23 dev systemd[1]: certbot.service: Failed with result 'exit-code'.
The /etc/letsencrypt/renewal/dev.newbanking.com.conf file looks like this:
I can run the certbot commands manually to successfully renew my certificate using the Cloudflare plugin. So, the Cloudflare plugin must be properly installed and used, at least when I manually run certbot.
However, running your suggested commands yields this:
root@dev:~# dpkg-query -l python-certbot-dns-cloudflare
dpkg-query: no packages found matching python-certbot-dns-cloudflare
root@dev:~# apt -y install python-certbot-dns-cloudflare
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package python-certbot-dns-cloudflare
root@dev:~# which -a certbot
/usr/local/bin/certbot
/usr/bin/certbot
root@dev:~# ls -l /usr/local/bin/certbot
-rwxr-xr-x 1 root root 214 Jan 18 11:33 /usr/local/bin/certbot
root@dev:~# ls -l /usr/bin/certbot
-rwxr-xr-x 1 root root 385 Mar 12 17:28 /usr/bin/certbot
root@dev:~# /usr/local/bin/certbot --version
certbot 0.30.0
root@dev:~# /usr/bin/certbot --version
certbot 0.31.0
What's the proper solution to this? To replace /usr/bin/certbot (0.31.0) with a softlink to /usr/local/bin/certbot (0.30.0)? (Seems like a hack, though.)
I found that "systemctl start certbot.timer" starts the timer and reports the following in /var/log/syslog:
Jul 11 07:37:53 dev systemd[1]: Started Run certbot twice daily.
And that "systemctl start certbot.service" triggers the process and reports the following in /var/log/syslog:
Jul 11 07:38:21 dev systemd[1]: Starting Certbot...
Jul 11 07:38:22 dev certbot[5248]: Renewal configuration file /etc/letsencrypt/renewal/dev.newbanking.com.conf (cert: dev.newbanking.com) produced an unexpected error: 'Namespace' object has no attribute 'dns_cloudflare_credentials'. Skipping.
Jul 11 07:38:22 dev certbot[5248]: 0 renew failure(s), 1 parse failure(s)
Jul 11 07:38:22 dev systemd[1]: certbot.service: Main process exited, code=exited, status=1/FAILURE
Jul 11 07:38:22 dev systemd[1]: Failed to start Certbot.
Jul 11 07:38:22 dev systemd[1]: certbot.service: Unit entered failed state.
Jul 11 07:38:22 dev systemd[1]: certbot.service: Failed with result 'exit-code'.
Good to know how to trigger the certbot timer process! With this, it seems that replacing /usr/bin/certbot with a symlink to /usr/local/bin/certbot actually solves the problem: When I now run "systemctl start certbot.service" to trigger the process, it reports the following in /var/log/syslog:
Jul 11 07:46:20 dev systemd[1]: Starting Certbot...
Jul 11 07:46:21 dev systemd[1]: Started Certbot.
But... this solution is a hack. Probably the "right" long-term solution would be to uninstall both versions (which are quite old, I think), then re-install the latest version of certbot, then configure that to use the dns-cloudflare plugin, and then re-install my certificates. (Not sure if my skills are up to the task of properly purging the old versions and installing the latest version, though.)
Weird. I would 100% double-check that you have python3-certbot-dns-cloudflare installed from apt.
But yeah, running only the package from the PPA is the best course of action. Running the one from pip can end up with weird breakages if apt and pip fight over package versions.
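To see which certbot executable the systemd unit runs and which of the installed copies can load the dns-cloudflare plugin, a check along these lines can be used. It is an added example, not part of the original thread; the function names are hypothetical, and it assumes `certbot plugins` lists the plugin under the name dns-cloudflare and that the unit is called certbot.service as in the logs above.

```shell
#!/bin/sh
# Added example: compare every certbot executable on the host against the
# plugin that the renewal configuration depends on (dns-cloudflare).

# check_certbot BIN -> prints "BIN VERSION plugin=yes|no"
# returns 0 if the plugin is loadable, 1 if not, 2 if BIN is not executable
check_certbot() {
    bin=$1
    [ -x "$bin" ] || { echo "$bin missing"; return 2; }
    ver=$("$bin" --version 2>&1 | awk '{print $2; exit}')
    if "$bin" plugins 2>/dev/null | grep -q 'dns-cloudflare'; then
        echo "$bin $ver plugin=yes"
        return 0
    fi
    echo "$bin $ver plugin=no"
    return 1
}

# unit_exec: read unit file text on stdin, print the ExecStart executable
# (leading systemd prefix characters such as "-" or "@" are skipped)
unit_exec() {
    sed -n 's/^ExecStart=[-@+!]*\([^ ]*\).*/\1/p' | head -n 1
}

# audit: check each certbot on PATH plus the one certbot.service starts;
# returns non-zero if any of them cannot load the plugin
audit() {
    rc=0
    svc=$(systemctl cat certbot.service 2>/dev/null | unit_exec)
    [ -n "$svc" ] && echo "certbot.service runs: $svc"
    for b in $(which -a certbot 2>/dev/null) $svc; do
        check_certbot "$b" || rc=1
    done
    return $rc
}
```

Source the file and call `audit` as root on the affected host; a `plugin=no` line for the executable that certbot.service runs matches the parse failure in the syslog above.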