Error when crontab with --force-renew

andre-paulo98 · December 6, 2016, 10:50am

So i managed to setup letsencrypt with success on my machine (Ubuntu 16.04) and when i was setting up the auto renew i made this:
letsencrypt renew --force-renew
tested it on terminal and it worked.
Then i copied that and pasted on the crontab to run on day 1 of each month
0 1 1 * * letsencrypt renew --force-renew
It did run but not successfully
Here is the log (1st December)
http://pastebin.com/UZy68LJn
Note: changed all the domains to random ones.

serverco · December 6, 2016, 1:02pm

My first question would be why are you using --force-renew ? if you just do the “renew” then it will renew those certificates that need it, and not any others. That way it can be run on a daily basis.

Secondly, it looks like an older version of letsencrypt / certbot (version 0.4.1) I’m not sure what the latest version in the Ubuntu 16.06 package is, but might be worth checking you are uptodate. ( that worked on the same error - Fails when running cronjob )

On the error message itself, it’s almost certainly related to the PATH variable which is different in cron than when logged in as a user - see https://github.com/certbot/certbot/issues/1833

schoen · December 6, 2016, 7:39pm

I agree; using --force-renew in cron is not usually a good idea because it doesn’t consider whether certificates are near expiry.

In this case with 0 1 1 * * it would only run on the first day of a month, which isn’t quite as bad: so it would try to renew all of your certificates on the first day of every month, regardless of how old they are. Still, I think the default behavior of renew is preferable for almost everyone (it only tries to renew those certificates that will expire in under 30 days). This behavior is generally safe to run every day rather than every month.

andre-paulo98 · December 6, 2016, 8:04pm

I tried with that on the past without success, so figured to test if that with force-renew so i now that it worked/not worked

Tried download it over again, with no success
http://pastebin.com/gG2dSx2f

Had a look at that, i guess i need to put
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
On the beggining of the crontab -e ?

andre-paulo98 · December 6, 2016, 8:06pm

I got a question then.
I did a --force-renew today, that would make the expiration date 3 months from now right?
When would the renew renew the certificates if i had it on daily basis?

serverco · December 6, 2016, 8:11pm

Yes, you can safely ignore the games ones.

30 days before it expires ( so in 2 months time )

andre-paulo98 · December 6, 2016, 8:33pm

I will test it tomorrow then i will let you know of something

system · January 5, 2017, 8:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Crontab on Ubuntu Server	2	2376	March 30, 2017
Crontab auto-renew certificate failed Help	5	3001	March 8, 2017
Problem with Certificate Auto Renew Help	58	26251	August 30, 2017
Renew runs but always fails in crontab, works in shell Server	8	3721	August 27, 2016
Unable to Renew via Cron Help	6	1985	April 26, 2018

Error when crontab with --force-renew

Related topics