Hello,
I have a problem that in 1 of our servers the cronjob
"30 3 * * * certbot renew --quiet --post-hook 'systemctl reload nginx'"
but it does not renew.. and I dont know how to fix this because we dont know what changed, because it worked before.
Also, there are no letsencrypt.log from that time
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
There should be a log somewhere. Also, the --quiet option should output errors to cron, so you should have a failed cronjob email with the Certbot output.
domain: samson-it.local (it is an internal server)
I ran this command: Its a cronjob, I ran nothing, But the cronjob looks like this
#Ansible: Certbot renewals
30 3 * * * certbot renew --quiet --post-hook 'systemctl reload nginx'
It produced this output:
Feb 1 03:30:01 sit-svr-11 CRON[2073686]: (root) CMD (certbot renew --quiet --post-hook 'systemctl reload nginx')
My web server is: I dont have 1, its a server with multiple webservers on it
The operating system my web server runs on is: The debian version of the server is 11.2
My hosting provider, if applicable, is: I dont know
I can login to a root shell on my machine: Yes, the cronjob is on the root user, not ansible user
I'm using a control panel to manage my site: Nope
Certbot version: certbot 2.7.4
Also, I dont know where the logs are, I cant do anything with "The logs are somewhere". There is no mail configured inside this server
By default, Certbot logs to /var/log/letsencrypt/letsencrypt.log. Without an Certbot output, there's not really something we can do. If you really can't find the log file (which would be quite weird), you could remove the --quiet from the cron command and add the -vv option and output the Certbot output with > to a file.
That said, you could also simply run sudo certbot renew -vv
Try using the absolute path for certbot.
Why are you using --post-hook instead of --deploy-hook ?
You marked your last post as the Solution. Have you resolved your problem?
If not, I would test the renew command manually at the command prompt. Using --dry-run will not affect your existing production certs. Once we know that works we can focus on the cron part of the problem.
Show us the results of
sudo certbot renew --dry-run
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.