Certbot renew fails

Help
1

Hello everybody,
by launching the:
#certbot renew command I get the renewal of the certificate.
By inserting the command in my crontab, the renewal does not take place:
30 2 * * * / usr / bin / certbot renew >> /var/log/lets-encrypt/poriburano.it_renew.log

LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOSStream
Description: CentOS Stream release 8
Release: 8
Codename: n/a

Thank you

2

Please post the content of the log file /var/log/lets-encrypt/poriburano.it_renew.log.

3 Likes
3

Did you create the /var/log/lets-encrypt/ folder? (with a dash)
Or did you want it in the certbot log folder: /var/log/letsencrypt/

3 Likes
4

yessss

5
6

Weird log. When a renewal is NOT due, it saves the output. But when the renewal, apparently, IS due, the log file does not report anything.

Possibly the output of those renewals are to stderr instead of stdout. You might want to add 2>&1 to the command, which will redirect stderr to stdout and thus into the log file.

4 Likes
7

Is there any certbot log for these failures in /var/log/letsencrypt/ ?
Perhaps there is further clues

Usually if certbot renew works from command line but not in cron it is because the different shell cron runs in. Most commonly because of different PATH in command shell and cron.

Can you show us the renewal conf file for this cert in

/etc/letsencrypt/renewal/
3 Likes
8

30 2 * * * / usr / bin / certbot renew >> /var/log/lets-encrypt/poriburano.it_renew.log 2> & 1

We will see at the next renewal. At the moment thank you very much for your support

2 Likes
9

@MikeMcQ
I can't find the / letsencrypt / renewal / directory in / etc

10

Hmmm. What does this show?

ls -l /etc/letsencrypt/renewal
3 Likes
11

root@srv01.poriburano.web:# ls -l /etc/letsencrypt/renewal
totale 4
-rw-r--r--. 1 root root 522 4 set 18.18 poriburano.it.conf
root@srv01.poriburano.web:#

12

can you show contents of this file? (I am looking for the options you use for cert renew)

/etc/letsencrypt/renewal/poriburano.it.conf
2 Likes
13 
# renew_before_expiry = 30 days
version = 1.22.0
archive_dir = /etc/letsencrypt/archive/poriburano.it
cert = /etc/letsencrypt/live/poriburano.it/cert.pem
privkey = /etc/letsencrypt/live/poriburano.it/privkey.pem
chain = /etc/letsencrypt/live/poriburano.it/chain.pem
fullchain = /etc/letsencrypt/live/poriburano.it/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 6338286c8b7dec59590a4cc0ba307e59
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
14

Thanks. Nothing unusual there.

4 Likes
15

Do you literally have spaces in / usr / bin / certbot in your crontab file? That would make the crontab unable to find the command (the correct path being /usr/bin/certbot).

16

@schoen
perhaps by copying and pasting the editor has inserted spaces, but in reality there are none
I made you a print screen of the crontab

immagine
immagine755×31 2.43 KB

Thank you

1 Like
17

Also, just out of curiosity, what is the current system time on your server? (for example the output of date)

I would also like to see the output of the subsequent logs when you have those.

18

root@srv01.poriburano.web:# date
mer 14 set 2022, 18.01.02, CEST
root@srv01.poriburano.web:#

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/poriburano.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/poriburano.it/fullchain.pem expires on 2022-12-03 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/poriburano.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/poriburano.it/fullchain.pem expires on 2022-12-03 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/poriburano.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/poriburano.it/fullchain.pem expires on 2022-12-03 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Saving debug log to /var/log/letsencrypt/letsencrypt.log

One question ... can I put the date for each line in the log file when it is written?

19

Check the file:

[it should have date/times]

It looks like your system is a few minutes behind.

1 Like
20

The date is correct

1 Like