Hello, I am new to Let's Encrypt, and the cron job in charge of certbot gives an error.
I think my certbot package is maybe out of date, maybe update problems with backports.
Anyway, that is my situation :
My domain is:
I ran this command:
root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
It produced this output:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA
My web server is (include version):
Apache 2.4.10
The operating system my web server runs on is (include version):
I think that in this case you have to issue a new request to letsencrypt and certbot should switch to http-01. If you don't know how to do that you could post your /etc/letsencrypt/renewal/www.conservatoirevegetal.com.conf and it could be possible to figure out the correct command line from there.
Note: I don't know if the account is considered confidential data but it's all right to remove it before posting the file, it's not used to request a new certificate.
Also it could be a great occasion to add at least the plain URL (not www) on your certificate so that accessing by https://conservatoirevegetal.com works as well - the guy who did setup this for you was not a fervent partisan of excessive effort that's clear.
certbot-auto works just as well with cron, you just have to take care of the path (as always with cron). Just verified: in my cron I set the full path. Something like
root is not part of the command, it's just the user running the command
-x /usr/local/bin/certbot-auto ==> test if certbot-auto is executable
-a ==> operator AND
- ! -d /run/systemd/system ==> test if systemd is managing the computer
so: the following is executed if certbot is executable and there is no systemd.
Systemd can be used with certbot install procedure to setup a systemd timer that is running certbot instead of cron. If you have uninstalled system certbot, you have to check that the systemd timer has been removed by running
systemctl list-timers
if there is a timer active, it will try to run the old certbot and your crontab will not run.
I guess that is not happening since your cron has errors (if it did not run it would not display errors I guess). Remove the -a ! -d /run/systemd/system anyway.
Something troubling is that you are testing for existence of certbot-auto at a specific path but you are not using it to launch it.
If you add the path for launching certbot-auto, remove the -q option as said by @JuergenAuer
First of all I have verified the systemd-timer, and yes it is still available
NEXT LEFT LAST PASSED UNIT ACTIVATES
jeu. 2019-06-20 16:05:01 CEST 1h 39min left mer. 2019-06-19 16:05:01 CEST 22h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
ven. 2019-06-21 00:00:00 CEST 9h left jeu. 2019-06-20 12:00:01 CEST 2h 25min ago certbot.timer certbot.service
2 timers listed.
So does that mean that systemd-timer is used only for certbot, and I can remove it without problem for other jobs?
I have removed -q, and I have the same output
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Attempting to parse the version 0.35.0 renewal configuration file found at /etc/letsencrypt/renewal/admin.conservatoirevegetal.com.conf with version 0.10.2 of Certbot. This might not work.
Attempting to parse the version 0.35.0 renewal configuration file found at /etc/letsencrypt/renewal/pma.conservatoirevegetal.com.conf with version 0.10.2 of Certbot. This might not work.
That means that you have still 2 different versions of certbot and you are creating certificates with the most recent version and trying to renew with the old (very old !). If you prefer to use certbot-auto that's your call but remove the certbot installed from packages in this case.
It should remove the crontab entry and the systemd timer. Do NOT apt purge !!!.
Then create a crontab entry yourself and it can be simply
/path/to/certbot/certbot-auto renew
In case you wonder what is /path/to/certbot that's the place where you did copy certbot-auto
if you want to be nice with letsencrypt just recopy the perl stuff to randomize the process start. You can do that when you are sure renewal works.
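A check for the version mismatch shown in the log above, as an added example that is not part of the original thread: it lists renewal configuration files written by a newer Certbot than the client that will run `renew`. It assumes each file carries a `version = X.Y.Z` line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find renewal configs that were
# written by a newer certbot than the one cron or the timer will launch.

# ver_lt A B: succeed when dotted numeric version A is strictly older than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# conf_version FILE: print the value of the first "version = X.Y.Z" line.
conf_version() {
    sed -n 's/^version[[:space:]]*=[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" |
        head -n 1
}

# stale_client_confs DIR INSTALLED: print "<file> <written-by version>" for
# every *.conf in DIR whose recorded version is newer than INSTALLED.
stale_client_confs() {
    dir=$1
    installed=$2
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        written=$(conf_version "$conf")
        [ -n "$written" ] || continue        # no version line: nothing to compare
        if ver_lt "$installed" "$written"; then
            printf '%s %s\n' "$(basename "$conf")" "$written"
        fi
    done
}

# Usage: sh check.sh /etc/letsencrypt/renewal 0.10.2
if [ "$#" -eq 2 ]; then
    stale_client_confs "$1" "$2"
fi
```

Pass as the second argument the version printed by `--version` of the client that the cron entry or timer actually starts.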
I just don't understand what you can mean by that. Don't delete anything unless you know what you are doing.
just run
dpkg --get-selections | grep certbot
and report the results since your previous post about "I found" is followed by something I don't understand either.
I guess that the "installed local" stuff means that it was installed from a .deb file. The man page is not exactly talkative about it.
Doesn't mean that it can just be removed like that by deleting the files.
Seems strange that you can't remove it with sudo apt remove, though.
What gives
apt-cache show certbot
and
apt policy certbot
Is not the theory that if you install with apt from a .deb file, it installs dependencies? If it's removed with dpkg, will the dependencies not be broken?