Difference between certbot-renew as timer/cron and manual run?

I have a Debian 10 system acting as a load balancer.

Upon certificate renewal when run as a cron job/systemd timer, I get the following message:
```
2022-03-29 11:40:31,438:WARNING:certbot.renewal:Attempting to renew cert (spfe00.fuettertdasnetz.de) from /etc/letsencrypt/renewal/spfe00.fuettertdasnetz.de.conf produced an unexpected error: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable. Skipping.
2022-03-29 11:40:31,439:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 159, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw)
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 80, in create_connection
    raise err
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 70, in create_connection
    sock.connect(sa)
OSError: [Errno 101] Network is unreachable
```

However, if I run the manual renewal as "sudo certbot renew" I have no issues and the certificate is renewed successfully (dry-run or otherwise).

I realise there must be a network/firewall/configuration issue on my end, but I do not understand why I run into an issue when it's a systemd timer / cron job. Any ideas?

Are you using a proxy? If so, are you setting that proxy via environment variables?

3 Likes

Yes, running an HTTPS proxy and this is set in the environment variables.

Where exactly are you setting that environment? The systemd timer probably doesn't have it.

2 Likes

It's set in /etc/environment

That explains things.

Please see systemd - Env vars in /etc/environment not globally visible? - Unix & Linux Stack Exchange

5 Likes

Thanks for the link. I tried various solutions, such as editing the certbot service with systemd overrides, etc., but I couldn't quite figure it out. In the end I did a manual renew and this worked for now.

1 Like
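
The per-service override mentioned in the post above, as an added example that is not part of the original thread: a shell helper that finds the proxy variables set in an `/etc/environment`-style file but missing from a unit's `Environment=` property, and prints a drop-in that sets them for that unit only. The unit name `certbot.service`, the function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find proxy variables that are set in an
# /etc/environment-style file but absent from a unit's Environment= property,
# and print a drop-in that sets them for that unit only.

PROXY_VARS="http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY"

# env_value TEXT NAME: value of NAME in KEY=VALUE text, outer quotes removed.
env_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# unit_has_var UNIT_ENV NAME: true if NAME is in the space-separated list that
# `systemctl show -p Environment --value UNIT` prints.
unit_has_var() {
    case " $1 " in
        *" $2="*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_dropin TEXT UNIT_ENV: print a [Service] drop-in for the missing variables.
make_dropin() {
    out=""
    for name in $PROXY_VARS; do
        # "%" starts a specifier in unit files, so a literal one is doubled.
        value=$(env_value "$1" "$name" | sed 's/%/%%/g')
        [ -n "$value" ] || continue
        unit_has_var "$2" "$name" && continue
        out="${out}Environment=\"${name}=${value}\"
"
    done
    if [ -n "$out" ]; then printf '[Service]\n%s' "$out"; fi
}

# Constructed sample input; the proxy host is a placeholder.
SAMPLE_ENV_FILE='PATH="/usr/local/bin:/usr/bin:/bin"
# https_proxy=http://old-proxy.example.internal:8080
https_proxy="http://proxy.example.internal:3128"
no_proxy=localhost,127.0.0.1'
SAMPLE_UNIT_ENV='LANG=C no_proxy=localhost,127.0.0.1'

make_dropin "$SAMPLE_ENV_FILE" "$SAMPLE_UNIT_ENV"
# On a real host (paths and unit name assumed from the thread):
#   make_dropin "$(cat /etc/environment)" \
#       "$(systemctl show -p Environment --value certbot.service)"
```

The output would go into a drop-in such as `/etc/systemd/system/certbot.service.d/proxy.conf` (hypothetical file name), followed by `systemctl daemon-reload`. Values set with `Environment=` are readable by unprivileged users through `systemctl show`, so a proxy URL that embeds credentials is better kept out of it.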

I believe you just need to set

DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"

in /etc/systemd/system.conf (Manager section) to have systemd apply those environment variables globally to services. Note that changes to that file probably require a restart of the systemd daemon (# sudo systemctl daemon-reexec).

2 Likes

This might be interesting: environment.d

1 Like
