Error when crontab with --force-renew


#1

So i managed to setup letsencrypt with success on my machine (Ubuntu 16.04) and when i was setting up the auto renew i made this:
letsencrypt renew --force-renew
tested it on terminal and it worked.
Then i copied that and pasted on the crontab to run on day 1 of each month
0 1 1 * * letsencrypt renew --force-renew
It did run but not successfully
Here is the log (1st December)
http://pastebin.com/UZy68LJn
Note: changed all the domains to random ones.


#2

My first question would be why are you using --force-renew ? if you just do the “renew” then it will renew those certificates that need it, and not any others. That way it can be run on a daily basis.

Secondly, it looks like an older version of letsencrypt / certbot (version 0.4.1) I’m not sure what the latest version in the Ubuntu 16.06 package is, but might be worth checking you are uptodate. ( that worked on the same error - Fails when running cronjob )

On the error message itself, it’s almost certainly related to the PATH variable which is different in cron than when logged in as a user - see https://github.com/certbot/certbot/issues/1833


#3

I agree; using --force-renew in cron is not usually a good idea because it doesn’t consider whether certificates are near expiry.

In this case with 0 1 1 * * it would only run on the first day of a month, which isn’t quite as bad: so it would try to renew all of your certificates on the first day of every month, regardless of how old they are. Still, I think the default behavior of renew is preferable for almost everyone (it only tries to renew those certificates that will expire in under 30 days). This behavior is generally safe to run every day rather than every month.


#4

I tried with that on the past without success, so figured to test if that with force-renew so i now that it worked/not worked

Tried download it over again, with no success
http://pastebin.com/gG2dSx2f

Had a look at that, i guess i need to put
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
On the beggining of the crontab -e ?


#5

I got a question then.
I did a --force-renew today, that would make the expiration date 3 months from now right?
When would the renew renew the certificates if i had it on daily basis?


#6

Yes, you can safely ignore the games ones.

30 days before it expires ( so in 2 months time )


#7

I will test it tomorrow then i will let you know of something


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.