Hi,
I’ve been using letsencrypt package in an Ubuntu 16.04 VPS server with 1GB RAM for several month without any significan issue until now. I can’t tell exactly the point when ‘letsencrypt’ old package started to fail, dying suddendly due to a low memory condition, but after looking for a solution here and this forum, I decided to upgrade to the new certbot package following the intructions given in certbot’s page: remove old letsencrypt package, add PPA and install the new certbot package. This had no effect, the problem remain the same: low memory.
The server has 1Gb and another 1Gb of swap, so I added an aditional space of swap, but it kept failing. Another aditional 2 Gb swap made the trick and finally certbot started to run… for a long long time.
Running ‘certbot renew -vvv --no-self-upgrade’ takes over 2 hours to renew 2 certs. As seen in the log, certbot takes over 2 hours just to start parsing apache:
2017-06-04 20:07:05,220:DEBUG:certbot.log:Root logging level set at -10
2017-06-04 20:07:05,221:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-06-04 20:07:05,239:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-06-10 11:23:00 UTC.
2017-06-04 20:07:05,240:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-06-04 20:07:05,240:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2017-06-04 20:07:05,852:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2017-06-04 22:11:38,247:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized:
Prep: True
2017-06-04 22:11:38,409:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
So now it is running, but it seems to be very memory and computing demanding procedure, that don’t seems to be normal.
Sadly, there is an issue with one of the certs so I’m not already done with cartbots, and a 2 hour run doesn’t helps.
I’ve been looking for memory related issues, but all the related post are old, and no mention of long run issues.
I really need an advice or a clue to keep going, certs will due in a couple of days.
TIA
certbot should not take that much memory - it definitely has a problem.
uninstall/reinstall if needed.
side note: I personally don’t use swap files - if it doesn’t fit into memory… don’t run it or get more memory - lol
to disable swapfile use
try:
swapoff -a;
Do you have any idea why it might take so long? Megabytes of intricate Apache configuration files? How efficiently does Apache work? How long does it take to start, for example?
Whatever the reason, you can switch to “certbot certonly --webroot” and manually configuring the certificates in order to bypass Certbot’s entire Apache configuration parsing machinery. If nothing else is malfunctioning absurdly, that should be efficient again.
Hi rg305,
Not running is not a solution. I need to renew the certs asap. Adding memory an patience did the trick.
Reinstalliing didnt change the situation, In fact, i installed certbot to replace letsecrypt previous package, that was running fine for several months until now.
The VPS has 1 Gb ram, usually it would be enough but not in this case. The swap was provided just for running certbot, then it was disabled.
The problem is NOT the config or sth external, it is the certbot. It has been running for almost a year without any issue.
Apache and the whole system works fine, there is no problems. Apache config is reallly simple, just 100 lines counting extensive comments.There is no doubt about it is the certbot what takes so long and eates so much memory. It looks like the new certbot uses a python package that is responsible of downloading and compiling a large addon in the background, that previous versions used it in compiled form.
May be someone got to solve the same problem, so that was why i asked here.
Hi jsha
I have 2 certificates working fine for odontoweb.fourtech.es and gestion.fourtech.es.
I put a piece of the log in the first post of the thread from a successful run, only that it took over 2 hours to run, but finally it did it.
Please note that the longest record in the log was
2017-06-04 20:07:05,852:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2017-06-04 22:11:38,247:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
After going throw this step, things go normally, besides the almost 4 Gb of memory required to run, as seen in the first post image.
This is only really useful if @bmw is interested in the results, but if certbot grows very large and it’s unclear why it may be worth examining it (while running) with my leakdice program.
This program shows what is in a random block of the heap of another process, if it has grown enormously then random blocks will most likely contain whatever is using up that space. If it’s text you can read it, otherwise it will need additional insight to understand what’s in the block.
Another possibility: Even though your Apache config is small and was parsed easily by earlier versions of the configurator, it’s possible that the current Certbot has specific problems with it. Would you mind posting your Apache config, along with any files referenced by Include directives?
