Certbot not auto-renewing on Amazon Linux EC2

Something that has been working for almost 2 years… now suddenly is not working.

Tried literally every command I can find, with all possible options and flags, and the renewal process hangs on the “Creating Virtual Environment…” step, or the “Installing setuptools, pip, wheel…” step.

When it gets stuck on the above, this results in the server CPU spinning out of control and falling over - requiring a server reboot.

Any tips on how to get this back working again?

To add to the confusion, there are 3 other completely identical servers (same PIP versions, same Python versions, same Certbot versions, same Amazon Linux versions) - all of which work absolutely fine.

Hi @MichaelCropper1

Please answer the following questions. That’s the standard template of #help.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Web server: AWS EC2 t2.medium
OS: Amazon Linux
SSH: Yes
Control Panel: No
Certbot version: 0.35.1

Got it renewed finally, https://crt.sh/?id=1567223650

I’d really like to understand what went on though. In the end, I ended up bumping up the AWS EC2 instance size of the server to a t2.large to give it some more juice and even still, it took a whole 45 minutes of waiting until the “… Done… Installing Python Packages…” bits and the other bits after that actually completed.

During this time, I was watching the CPU usage on the server and the Python script was eating up 100% of one of the CPUs, so it was trying to do something the whole time.

What would cause something like this? Trouble from the Certbot script communicating with the outside world? Trouble on one of the third party servers that was being called? Trouble with Certbot auto-updating the script? Something else?

As I say, I’ve never had a problem like this before with Certbot and I use Certbot for everything - I’d just like to understand why it happened and if there is anything that can be done to prevent this happening again in the future.

Regards,
Michael