Cron Renewal of Certs Not Working

There is over 12,000 lines of output. Should I past it here?

OMG! Been up for a while ? !!
Wait. Lets see if there is a cron systemd timer expert awake!
Your cert is not quite ready to renew. So there is some time. I fall on "trust the technology" but there is no harm in verifying the configuration at all.

7 Likes

Yep Been up for a while! LOL!

Thanks!

2 Likes

I need to step out for ten minutes.

8 Likes

Understand.

That's problematic.
Let's see:
ls -l /etc/letsencrypt/live/actngop.org/*

6 Likes

@rg305 .. I believe there are broken symlinks here.

4 Likes

Yes, I expect to see that.

6 Likes

hmm...
Maybe we could omit the /archive/ folder?

6 Likes

This site has been taken down. I no longer use it or need it. However, here is your request.
ls -l /etc/letsencrypt/live/actngop.org/*
-rw-r--r-- 1 root root 1927 Mar 22 2020 /etc/letsencrypt/live/actngop.org/cert.pem
-rw-r--r-- 1 root root 1647 Mar 22 2020 /etc/letsencrypt/live/actngop.org/chain.pem
-rw-r--r-- 1 root root 3574 Mar 22 2020 /etc/letsencrypt/live/actngop.org/fullchain.pem
-rw-r--r-- 1 root root 1704 Mar 22 2020 /etc/letsencrypt/live/actngop.org/privkey.pem
-rw-r--r-- 1 root root 692 Mar 22 2020 /etc/letsencrypt/live/actngop.org/README

Then it needs to "Get out of the way!" - LOL
If you are 100% certain of that, try removing the renewal conf file, with:
rm /etc/letsencrypt/renewal/actngop.org.conf

Then retry the dry run renewal.

Also, none of those are sym-links!

7 Likes

Comanches say "Haww! Ura! T'sa!"

6 Likes

OK I am removing all the sites do not need give a few minutes.

2 Likes

I hear ya!
So we are looking for

The error was: expected /etc/letsencrypt/live/actngop.org/cert.pem to be a symlink

We should disgard unwanted domains, and concentrate on what you are trying to accomplish.
So please refresh us on which domains are moving forward and which domains are irrelevant.

Is actngop.org the domain you are concerned with? Or what. Please advise so we don't digress.

6 Likes

OK am removing irrelevant domains. actngop dot org is of no concern. I have certs for the domains I am concerned with. I am merely attempting to trouble shoot cron so in the feature cron will automatically update the certs.

1 Like

How exactly?

5 Likes

Ok We get it now.
Lets look at your cronjobs.

crontab -l

May have to change user...

systemctl list-timers

Lets look at these and we'll know more.

6 Likes

rm /etc/letsencrypt/renewal/irrevelant-sites.org.conf

1 Like

Ok, perfect!
This needs a retry:

6 Likes

@rg305

I removed the irrelevant sites. Here is the dry-run

root@genesis:/etc/letsencrypt/renewal# PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/allenintech.com-0002.conf


Simulating renewal of an existing certificate for allenintech.com


Processing /etc/letsencrypt/renewal/kibana.allenintech.com.conf


Simulating renewal of an existing certificate for kibana.allenintech.com
Failed to renew certificate kibana.allenintech.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.


Processing /etc/letsencrypt/renewal/nextcloud.allenintech.com-0001.conf


Simulating renewal of an existing certificate for nextcloud.allenintech.com and www.nextcloud.allenintech.com


Processing /etc/letsencrypt/renewal/www.elasticsearch.allenintech.com.conf


Simulating renewal of an existing certificate for www.elasticsearch.allenintech.com and elasticsearch.allenintech.com
Failed to renew certificate www.elasticsearch.allenintech.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.


Processing /etc/letsencrypt/renewal/www.kibana.allenintech.com.conf


Simulating renewal of an existing certificate for kibana.allenintech.com and www.kibana.allenintech.com


The following simulated renewals succeeded:
/etc/letsencrypt/live/allenintech.com-0002/fullchain.pem (success)
/etc/letsencrypt/live/nextcloud.allenintech.com-0001/fullchain.pem (success)
/etc/letsencrypt/live/www.kibana.allenintech.com/fullchain.pem (success)

The following simulated renewals failed:
/etc/letsencrypt/live/kibana.allenintech.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.elasticsearch.allenintech.com/fullchain.pem (failure)


2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@genesis:/etc/letsencrypt/renewal#

1 Like