Hello,
I am using LE on my NextCloud server and it works perfectly, except for the renewal attempts by cron. Every cronjob (as root, once a week) fails with this message:
Processing /etc/letsencrypt/renewal/mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.de/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
But when I ssh into the machine later and renew the cert manually as root, the renewal is done without error:
:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.de
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mydomain.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
When called by cron, there is no error to be found in the log. The script called by cron does this (among other things):
# Run the renewal block only on Saturdays (date +%u: 1 = Monday ... 7 = Sunday)
if [ "$(date +%u)" -eq 6 ]; then
    service nginx stop
    sync
    certbot renew
    service nginx start
fi
These commands are the last ones in a series of other commands, doing backups and maintenance work. All these commands never take the same amount of time, so these last commands are never called at exactly the same time. And besides, as you can see in the log above, certbot itself invokes another random sleep:
2020-01-25 03:48:18,832:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2020-01-25 03:48:18,833:INFO:certbot.renewal:Non-interactive renewal: random delay of 304 seconds
No server overload should be caused that way.
This sequence of commands is the same that I use after ssh’ing into the machine. (Without the conditional clause, of course.) It seems there’s something that cron does slightly differently compared to the interactive login shell. Could it be the missing PATH variable? Does the command certbot need any external components that are not within cron’s reach?
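One way to test the PATH question raised in the post above, as an added example that is not part of the original post: the functions below report which of the commands called by the cron script cannot be resolved under a given PATH. The `CRON_PATH` default of `/usr/bin:/bin` is an assumption about the cron environment, and `missing_under_path` and `preflight` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: find commands that do not resolve under a restricted PATH.
# Assumption: CRON_PATH stands in for the PATH your cron daemon provides.
# Replace it with the real value (for example, have a cron job run `env`).
CRON_PATH="${CRON_PATH:-/usr/bin:/bin}"

# missing_under_path PATH cmd...
# Prints, space separated, the commands that cannot be found in PATH.
missing_under_path() {
    search_path=$1
    shift
    missing=""
    for cmd in "$@"; do
        # Look the command up in a subshell so the caller's PATH is untouched.
        if ! ( PATH=$search_path; command -v "$cmd" >/dev/null 2>&1 ); then
            missing="${missing:+$missing }$cmd"
        fi
    done
    printf '%s' "$missing"
}

# preflight cmd...
# Returns 1 and logs to stderr if any command is missing under CRON_PATH,
# so a cron wrapper can stop before it touches the web server.
preflight() {
    not_found=$(missing_under_path "$CRON_PATH" "$@")
    if [ -n "$not_found" ]; then
        echo "not found under PATH=$CRON_PATH: $not_found" >&2
        return 1
    fi
    return 0
}

# Typical use at the top of the renewal block:
#   preflight service sync certbot || exit 1
```

If a command is reported missing, calling it by absolute path or setting `PATH` at the top of the script or crontab removes the difference between the cron run and the interactive one.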