Certbot renew not working when testing

Please check the options:

Use “other”

I don’t see any “options” and I do not see any reference to “Other”.
In what context do you mean “other”?

I see selection boxes in which I have selected Apache in the first and Ubuntu 18.04 LTS in the other. Then the page changes appearance but still no Other or Options.

There

is an “Ubuntu (other)”.

OK thanks!
Do I need to first uninstall certbot which I got from apt and start over with certbot-auto?
In that case will by certs disappear?

I went ahead and followed the instructions to install certbot-auto through wget.
After I was done I ran the renew command but this time using certbot-auto (which is version 0.37.1 while certbot is at 0.31.0):

$ sudo certbot-auto renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/svn.boberglund.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for svn.boberglund.com
Cleaning up challenges
Attempting to renew cert (svn.boberglund.com) from /etc/letsencrypt/renewal/svn.boberglund.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for svn.boberglund.com:. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

As you can see it fails much the same as certbot did. It still seems like it won’t recognize the webroot I edited into the conf file…

The conf file (/etc/letsencrypt/renewal/svn.boberglund.com.conf) reads as follows:

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/svn.boberglund.com
cert = /etc/letsencrypt/live/svn.boberglund.com/cert.pem
privkey = /etc/letsencrypt/live/svn.boberglund.com/privkey.pem
chain = /etc/letsencrypt/live/svn.boberglund.com/chain.pem
fullchain = /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem
webroot-path = /var/www/svn.boberglund.com/public_html

# Options used in the renewal process
[renewalparams]
account = b5058df1c-xxxxxx-fe263dcd9e9
pref_challs = http-01,
authenticator = webroot
webroot-path = /var/www/svn.boberglund.com/public_html
server = https://acme-v02.api.letsencrypt.org/directory

As you can see the webroot is actually entered twice in this file but it still cannot find the setting… :frowning:

cli.ini and renewal configuration files don’t use exactly the same syntax.

The file should be something like:

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/svn.boberglund.com
cert = /etc/letsencrypt/live/svn.boberglund.com/cert.pem
privkey = /etc/letsencrypt/live/svn.boberglund.com/privkey.pem
chain = /etc/letsencrypt/live/svn.boberglund.com/chain.pem
fullchain = /etc/letsencrypt/live/svn.boberglund.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = b5058df1c-xxxxxx-fe263dcd9e9
pref_challs = http-01,
authenticator = webroot
webroot_path = /var/www/svn.boberglund.com/public_html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
svn.boberglund.com = /var/www/svn.boberglund.com/public_html
video.boberglund.com = /some/path

The webroot_path setting should be unnecessary if the webroot_map section is filled out for every hostname in the certificate. (Conversely, I think you can leave out the webroot_map section, but Certbot doesn’t when generating files itself.)

Thanks a million!
After the edits you suggested the command:
sudo certbot-auto renew --dry-run
finished successfully! :slight_smile: :grin:
Last remaining item is to set up the automatic renewal which is somewhat strangely described as executing:
$ echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
Will this actually work as a normal user, shouldn’t it be preceded by sudo?
Why is not crontab -e used instead?
And what exactly does this do?