Error while auto renewing Certbot certificate

I am using Linux Centos 8 stream.

When I run the command, certbot renew --dry-run , it is working properly.

I added cronjob for auto renewal. But in the log it is showing, error. Log is below.


2022-11-10 00:07:41,205:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2022-11-10 00:07:41,205:INFO:certbot._internal.renewal:Non-interactive renewal: random delay of 70.57008772435188 seconds
2022-11-10 00:08:51,786:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2022-11-10 00:08:51,790:DEBUG:certbot._internal.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
Traceback (most recent call last):
File "/opt/certbot/lib64/python3.9/site-packages/certbot/_internal/plugins/disco.py", line 160, in prepare
self._initialized.prepare()
File "/opt/certbot/lib64/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 194, in prepare
raise errors.NoInstallationError(
certbot.errors.NoInstallationError: Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
2022-11-10 00:08:51,791:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2022-11-10 00:08:51,792:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2022-11-10 00:08:51,792:ERROR:certbot._internal.renewal:Failed to renew certificate freeost.com with error: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")
2022-11-10 00:08:51,794:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/opt/certbot/lib64/python3.9/site-packages/certbot/_internal/renewal.py", line 484, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/certbot/lib64/python3.9/site-packages/certbot/_internal/main.py", line 1538, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/opt/certbot/lib64/python3.9/site-packages/certbot/_internal/plugins/selection.py", line 257, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/opt/certbot/lib64/python3.9/site-packages/certbot/_internal/plugins/selection.py", line 377, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")

How to fix this?

Thanks

When I run 'certbot renew' command, it is also working properly. But auto renewing is not working properly.

It sounds like your crontab is missing the PATH environment variable, which results in Certbot being unable to find the nginx binary when it performs renewals.

What you can try is placing this towards the top of /etc/crontab:

PATH=/sbin:/bin:/usr/sbin:/usr/bin

(Assuming nginx on your server is in /usr/sbin/nginx).

4 Likes

Thanks for your reply. How can I check if this setting works?

I have to wait for 60 days?

Thanks

1 Like

You could temporarily set the cronjob to include --dry-run and then check the log file tomorrow to see whether the test renewal succeeded.

If it did, you can remove --dry-run with the assurance that the real renewal will work too.

4 Likes

Thanks. It worked.

3 Likes