Cronjob fails, but manual renewal works

Hello,

I am using LE on my NextCloud server and it works perfectly, exact for the renewal attempts by cron. Every cronjob (as root, once a week) fails with this message:

Processing /etc/letsencrypt/renewal/mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain.de/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

But when I ssh into the machine later and renew the cert manually as root, the renewal is done without error:

:~# certbot renew 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.de
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mydomain.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:

When called by cron, there is no error to be found in the log. The script called by cron does this (among other things):

   if [ $(date +%u) -eq 6 ];
   then
        service nginx stop
        sync
        certbot renew 
        service nginx start
   fi

These commands are the last ones in a serious of other commands, doing backups and maintenance work. All these commands never take the same amount of time, so these last commands are never called at exactly the same time. And besides, as you can see in the log above, certbot itself invokes another random sleep:

2020-01-25 03:48:18,832:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2020-01-25 03:48:18,833:INFO:certbot.renewal:Non-interactive renewal: random delay of 304 seconds

No server overload should be caused that way.

This sequence of commands is the same that I use after ssh’ing into the machine. (Without the conditional clause, of course. :wink: ) It seems there’s something that cron does slightly different compared to the interactive login shell. Could it be the missing PATH variable? Does the command certbot need any external components, that are not within cron’s reach?

What's your actual domain?

Are both stdout and stderr being saved? It looks like it's missing most of the output.

Can you post the /var/log/letsencrypt/ logs from one of the runs where it fails?

I’d rather not post those information here in public. Can I send them to you in private?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.