Certbot on Debian - Cron Job Configuration Not Working As Expected - Work when Command is Run in Bash

baddroid · June 1, 2017, 1:32pm

Please fill out the fields below so we can help you better.

The operating system my web server runs on is (include version): debian 8 (Jessie)

My hosting provider is: local server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

There is command in cron.d/certbot:
root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot -q renew

Sometimes for some of my sites it fails with:
host=‘acme-v01.api.letsencrypt.org’,
+port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fc2d8a93510>:
+Failed to establish a new connection: [Errno -2] Name or service not known’,)). Skipping.

But when I manually run from bash: certbot -q renew it doesn’t fail. Certs successfully renews.

There is /var/log/letsencrypt/letsencrypt.log for failed renew:
2017-06-01 09:09:40,236:DEBUG:certbot.main:Root logging level set at 30
2017-06-01 09:09:40,237:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-06-01 09:09:40,237:DEBUG:certbot.main:certbot version: 0.10.2
2017-06-01 09:09:40,237:DEBUG:certbot.main:Arguments: [’-q’]
2017-06-01 09:09:40,237:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,P
luginEntryPoint#standalone)
2017-06-01 09:09:40,241:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:40,244:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:40,244:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:40,244:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:40,244:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:40,244:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=40, tm
_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:40,244:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:40,244:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:40,244:DEBUG:parsedatetime:return
2017-06-01 09:09:40,244:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:40,246:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:40,246:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:40,246:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:40,246:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:40,246:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:40,246:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=40, tm
_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:40,246:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:40,246:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:40,246:DEBUG:parsedatetime:return
2017-06-01 09:09:40,246:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:40,248:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:40,248:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:40,248:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:40,248:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:40,248:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:40,248:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=40, tm
_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:40,248:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:40,248:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:40,248:DEBUG:parsedatetime:return
2017-06-01 09:09:40,248:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:40,249:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:40,249:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:40,249:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:40,249:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:40,249:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:40,249:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=40, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:40,249:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:40,249:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:40,249:DEBUG:parsedatetime:return
2017-06-01 09:09:40,249:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-06-19 15:13:00 UTC.
2017-06-01 09:09:40,250:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2017-06-01 09:09:40,256:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-06-01 09:09:40,257:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fc2d900ae50>
Prep: True
2017-06-01 09:09:40,258:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fc2d900ae50> and installer None
2017-06-01 09:09:40,270:DEBUG:certbot.main:Picked account: <Account(d972e36b3a70d180fdf4153ba6621f6a)>
2017-06-01 09:09:40,271:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-06-01 09:09:40,272:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-06-01 09:09:50,280:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/mysite.mydomain.com.conf produced an unexpected error: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fc2d8a93510>: Failed to establish a new connection: [Errno -2] Name or service not known’,)). Skipping.
2017-06-01 09:09:50,281:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 413, in handle_renewal_request
main.obtain_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 621, in obtain_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 406, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 199, in init
acme = acme_from_config_key(config, self.account.key)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 69, in init
self.net.get(directory).json())
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 641, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 614, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 475, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 596, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/adapters.py”, line 487, in send
raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fc2d8a93510>: Failed to establish a new connection: [Errno -2] Name or service not known’,))

2017-06-01 09:09:50,283:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,283:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,283:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,283:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,283:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,283:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,283:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,283:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,283:DEBUG:parsedatetime:return
2017-06-01 09:09:50,283:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,285:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,285:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,285:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,285:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,285:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,285:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,285:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,285:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,285:DEBUG:parsedatetime:return
2017-06-01 09:09:50,285:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,287:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,287:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,287:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,287:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,287:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,287:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,287:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,287:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,287:DEBUG:parsedatetime:return
2017-06-01 09:09:50,287:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,290:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,290:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,290:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,290:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,290:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,290:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,290:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,290:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,290:DEBUG:parsedatetime:return
2017-06-01 09:09:50,290:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,291:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,291:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,292:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,292:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,292:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,292:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,292:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,292:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,292:DEBUG:parsedatetime:return
2017-06-01 09:09:50,292:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,293:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,293:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,293:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,293:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,293:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,293:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,293:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,293:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,293:DEBUG:parsedatetime:return
2017-06-01 09:09:50,293:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,295:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,295:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,295:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,295:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,295:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,295:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,295:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,295:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,295:DEBUG:parsedatetime:return
2017-06-01 09:09:50,296:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,297:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,297:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,297:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,297:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,297:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,297:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,297:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,297:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,297:DEBUG:parsedatetime:return
2017-06-01 09:09:50,297:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,299:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,299:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,299:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,299:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,299:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,299:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,299:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,299:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,299:DEBUG:parsedatetime:return
2017-06-01 09:09:50,299:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,301:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,301:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,301:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,301:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,301:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,301:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,301:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,301:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,301:DEBUG:parsedatetime:return
2017-06-01 09:09:50,301:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,303:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,303:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,303:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,303:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,303:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,303:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,303:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,303:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,303:DEBUG:parsedatetime:return
2017-06-01 09:09:50,303:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,305:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,305:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,305:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,305:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,305:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,305:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,305:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,305:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,305:DEBUG:parsedatetime:return
2017-06-01 09:09:50,305:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,306:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,307:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,307:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,307:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,307:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,307:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,307:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,307:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,307:DEBUG:parsedatetime:return
2017-06-01 09:09:50,307:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,308:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-06-01 09:09:50,308:DEBUG:parsedatetime:CRE_UNITS matched
2017-06-01 09:09:50,308:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-06-01 09:09:50,308:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-06-01 09:09:50,309:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-06-01 09:09:50,309:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=6, tm_mday=1, tm_hour=9, tm_min=9, tm_sec=50, tm_wday=3, tm_yday=152, tm_isdst=0))
2017-06-01 09:09:50,309:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-06-01 09:09:50,309:DEBUG:parsedatetime:units days --> realunit days
2017-06-01 09:09:50,309:DEBUG:parsedatetime:return
2017-06-01 09:09:50,309:INFO:certbot.renewal:Cert not yet due for renewal
2017-06-01 09:09:50,309:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.10.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 849, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 655, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

And something more:
ls -la /bin/sh
lrwxrwxrwx 1 root root 4 ноя 8 2014 /bin/sh -> dash
Can this be the reason for that behavior - failed from dash and succeded from bash?

schoen · June 1, 2017, 4:32pm

Hi @baddroid,

The problem is that your copy of Certbot can’t connect to https://acme-v01.api.letsencrypt.org/directory for some reason. It would be good to do other tests to figure out the connectivity problem. For example, can you access it with curl? Is there any pattern in when you can or can’t connect to the API?

This service is hosted for Let’s Encrypt by the Akamai CDN, and if it turns out to be a network connectivity problem, we can ask people from Akamai to look into that.

A much more minimal test case would be

python -c 'import requests; print(requests.get("https://acme-v01.api.letsencrypt.org/directory"))'

If it works, you should see <Response [200]>, while if it fails, you can see an error such as the “Failed to establish a new connection” error that you saw before.

baddroid · June 2, 2017, 7:21am

Thanks for your reply, @schoen.
I've made some tests on my system:

with curl https://acme-v01.api.letsencrypt.org/directory I've got:
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
with python -c 'import requests; print(requests.get("https://acme-v01.api.letsencrypt.org/directory"))' I've got: <Response [200]>

The problem only occurs when starting from the automatic mode and has a permanent character.

ahaw021 · June 2, 2017, 12:42pm

hi @baddroid

Not teaching you how to suck eggs but the testing you are doing is not in line with what you are doing with certbot.

The command you are using && perl -e 'sleep int(rand(3600))'

When you use curl and python you should include this as well. My suspicion is that this is an Operating System related issue rather a library issue.

Have a look at this chain where someone was doing something similar to what you are doing

Andrei

schoen · June 6, 2017, 12:26am

That doesn't make much sense to me. The purpose of this Perl command is to wait a random number of seconds so that the renewal happens at a random time within the hour. It doesn't affect Certbot's behavior. Including this will cause the test to take a random additional amount of time before beginning.

GusevVictor · June 26, 2017, 11:18am

Dear all. I use certbot in a lxc container Debian 8.

My container does not have systemd daemon:

ls /run/systemd/system
no such file or directory

I have this error message when it run from a cron job:

test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

Attempting to renew cert from /etc/letsencrypt/renewal/jr.company.ru.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org',
+port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f9ddc996450>:
+Failed to establish a new connection: [Errno -2] Name or service not known',)). Skipping.

I will be good for any help to me.

Best regards,
Victor

schoen · June 26, 2017, 3:46pm

Hi @GusevVictor,

This is showing that the application inside your container can’t do a DNS lookup for the hostname acme-v01.api.letsencrypt.org. This could be caused by a DNS misconfiguration of the container, or by a firewall (on your server or on a company network?) that prevents outbound connections unless hosts are whitelisted.

You can check the ability to resolve this name with host acme-v01.api.letsencrypt.org and ping acme-v01.api.letsencrypt.org, both inside the container and outside the container. This service is proxied by the Akamai CDN. If you can’t reach it and you’re sure that it’s not any kind of local firewall problem or local DNS resolver problem, we can also get in touch with Akamai to try to diagnose why not.

system · July 26, 2017, 3:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[SOLVED] Certbot on Ubuntu - Cron Job Configuration Not Working As Expected - Work when Command is Run in shell Help	5	1542	September 2, 2017
Certbot command fails from cronjob, but works fine when I run it manually Help	9	1938	May 28, 2021
Certbot cron job failed Server	5	2469	July 23, 2017
Renew from cron fails, renew from command line works fine Help	3	642	September 4, 2019
Crontab job renewal Server	4	3575	May 20, 2018

Certbot on Debian - Cron Job Configuration Not Working As Expected - Work when Command is Run in Bash

Related topics