How to be sure that the automatic certificates renewal process is correctly set? Ubuntu 18.04.02 Server

Due to some conflicting installations of third-party software on my Ubuntu 18.04.01 Server Edition, I needed to wipe everything out and reinstall Ubuntu again (no network connection anymore).
I kept a copy of the /etc/ssl/certs folder, the /etc/letsencrypt folder, and the /etc/nginx/conf.d/default.conf file, and then copied everything into the freshly installed Ubuntu 18.04.01 Server system.

I know that there are content problems for my ggc.world website, detected by https://check-your-website.server-daten.de/?q=ggc.world, but the urgency is at the moment to set the automatic certificate renewal. (once done I will tackle and resolve content problems as well, since the website is under heavy development).

As pointed out by @EmberHeartshine in "Automatic Renewal of certifications: what's the correct procedure?", Ubuntu uses systemd as its init system.
Based on what is suggested here: https://stevenwestmoreland.com/2017/11/renewing-certbot-certificates-using-a-systemd-timer.html , I created two files in /etc/systemd/system:

  • certbot-renewal.service file:

    [Unit]
    Description=Certbot Renewal

    [Service]
    ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart httpd"

  • certbot-renewal.timer :

    [Unit]
    Description=Timer for Certbot Renewal

    [Timer]
    OnBootSec=300
    OnUnitActiveSec=1d

    [Install]
    WantedBy=multi-user.target

I followed the indications found here: https://stevenwestmoreland.com/2017/11/renewing-certbot-certificates-using-a-systemd-timer.html

marco@pc:/etc/systemd/system$ sudo systemctl start certbot-renewal.timer
marco@pc:/etc/systemd/system$ sudo systemctl enable certbot-renewal.timer
marco@pc:/etc/systemd/system$ systemctl status certbot-renewal.timer
● certbot-renewal.timer - Timer for Certbot Renewal
   Loaded: loaded (/etc/systemd/system/certbot-renewal.timer; enabled; vendor preset: enabled)
   Active: active (waiting) since Fri 2019-08-02 18:14:54 CEST; 1min 15s ago
  Trigger: Fri 2019-08-02 18:19:50 CEST; 3min 40s left

Aug 02 18:14:54 pc systemd[1]: Started Timer for Certbot Renewal.

marco@pc:/etc/systemd/system$ journalctl -u certbot-renewal.service
-- Logs begin at Tue 2019-07-30 19:28:05 CEST, end at Fri 2019-08-02 18:37:09 CEST. --
Aug 02 17:39:21 pc systemd[1]: Started Certbot Renewal.
Aug 02 17:39:21 pc systemd[2754]: certbot-renewal.service: Failed to execute command: No such file or directory
Aug 02 17:39:21 pc systemd[2754]: certbot-renewal.service: Failed at step EXEC spawning /usr/bin/certbot: No such file or directory
Aug 02 17:39:21 pc systemd[1]: certbot-renewal.service: Main process exited, code=exited, status=203/EXEC
Aug 02 17:39:21 pc systemd[1]: certbot-renewal.service: Failed with result 'exit-code'.
-- Reboot --
Aug 02 18:19:52 pc systemd[1]: Started Certbot Renewal.
Aug 02 18:19:52 pc certbot[1666]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Aug 02 18:19:52 pc certbot[1666]: -------------------------------------------------------------------------------
Aug 02 18:19:52 pc certbot[1666]: No renewals were attempted.
Aug 02 18:19:52 pc certbot[1666]: No hooks were run.
Aug 02 18:19:52 pc certbot[1666]: -------------------------------------------------------------------------------
marco@pc:/etc/systemd/system$ 

cat /var/log/letsencrypt/letsencrypt.log :

2019-08-02 18:19:52,648:DEBUG:certbot.main:certbot version: 0.23.0
2019-08-02 18:19:52,648:DEBUG:certbot.main:Arguments: ['--post-hook', 'systemctl restart httpd']
2019-08-02 18:19:52,649:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-08-02 18:19:52,654:DEBUG:certbot.log:Root logging level set at 20
2019-08-02 18:19:52,654:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-08-02 18:19:52,656:DEBUG:certbot.renewal:no renewal failures


 /usr/bin/certbot is actually present:

marco@pc:/usr/bin$ ls -lah | grep certbot
-rwxr-xr-x  1 root   root     385 Apr  7  2018 certbot
lrwxrwxrwx  1 root   root       7 Apr  7  2018 letsencrypt -> certbot
marco@pc:/usr/bin$ 

And it seems that the present certbot is already the updated one:

marco@pc:/usr/bin$ sudo apt-get update
Hit:1 http://gb.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://gb.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]                                                                                                                                
Fetched 252 kB in 10s (24.6 kB/s)                                                                                                                                                                          
Reading package lists... Done

marco@pc:/usr/bin$ sudo apt-get upgrade certbot
Reading package lists... Done
Building dependency tree       
Reading state information... Done
certbot is already the newest version (0.23.0-1).
Calculating upgrade... Done
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
marco@pc:/usr/bin$ 

marco@pc:/usr/bin$ dpkg -S /usr/bin/certbot
certbot: /usr/bin/certbot
marco@pc:/usr/bin$ 

Update:
following the indications found here: https://stackoverflow.com/questions/45776003/fixing-a-systemd-service-203-exec-failure-no-such-file-or-directory

I added /bin/bash to ExecStart :

sudo nano certbot-renewal.service :
[Unit]
Description=Certbot Renewal

[Service]
ExecStart=/bin/bash /usr/bin/certbot renew --post-hook "systemctl restart httpd"

But the renewal process fails the same:

marco@pc:/etc/systemd/system$ journalctl -u certbot-renewal.service
-- Logs begin at Tue 2019-07-30 19:28:05 CEST, end at Fri 2019-08-02 19:01:49 CEST. --
Aug 02 17:39:21 pc systemd[1]: Started Certbot Renewal.
Aug 02 17:39:21 pc systemd[2754]: certbot-renewal.service: Failed to execute command: No such file or directory
Aug 02 17:39:21 pc systemd[2754]: certbot-renewal.service: Failed at step EXEC spawning /usr/bin/certbot: No such file or directory
Aug 02 17:39:21 pc systemd[1]: certbot-renewal.service: Main process exited, code=exited, status=203/EXEC
Aug 02 17:39:21 pc systemd[1]: certbot-renewal.service: Failed with result 'exit-code'.
-- Reboot --
Aug 02 18:19:52 pc systemd[1]: Started Certbot Renewal.
Aug 02 18:19:52 pc certbot[1666]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Aug 02 18:19:52 pc certbot[1666]: -------------------------------------------------------------------------------
Aug 02 18:19:52 pc certbot[1666]: No renewals were attempted.
Aug 02 18:19:52 pc certbot[1666]: No hooks were run.
Aug 02 18:19:52 pc certbot[1666]: -------------------------------------------------------------------------------
-- Reboot --
Aug 02 18:55:59 pc systemd[1]: Started Certbot Renewal.
Aug 02 18:56:00 pc certbot[1595]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Aug 02 18:56:00 pc certbot[1595]: -------------------------------------------------------------------------------
Aug 02 18:56:00 pc certbot[1595]: No renewals were attempted.
Aug 02 18:56:00 pc certbot[1595]: No hooks were run.
Aug 02 18:56:00 pc certbot[1595]: -------------------------------------------------------------------------------

sudo nano /var/log/letsencrypt/letsencrypt.log :

2019-08-02 18:19:52,648:DEBUG:certbot.main:certbot version: 0.23.0
2019-08-02 18:19:52,648:DEBUG:certbot.main:Arguments: ['--post-hook', 'systemctl restart httpd']
2019-08-02 18:19:52,649:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-08-02 18:19:52,654:DEBUG:certbot.log:Root logging level set at 20
2019-08-02 18:19:52,654:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-08-02 18:19:52,656:DEBUG:certbot.renewal:no renewal failures
2019-08-02 18:56:00,207:DEBUG:certbot.main:certbot version: 0.23.0
2019-08-02 18:56:00,207:DEBUG:certbot.main:Arguments: ['--post-hook', 'systemctl restart httpd']
2019-08-02 18:56:00,208:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-08-02 18:56:00,212:DEBUG:certbot.log:Root logging level set at 20
2019-08-02 18:56:00,212:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-08-02 18:56:00,214:DEBUG:certbot.renewal:no renewal failures

Second update:

marco@pc:/etc/systemd/system$ sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
   Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
   Active: active (waiting) since Fri 2019-08-02 18:50:56 CEST; 20min ago
  Trigger: Sat 2019-08-03 06:24:53 CEST; 11h left

Aug 02 18:50:56 pc systemd[1]: Started Run certbot twice daily.
marco@pc:/etc/systemd/system$ 

nano /lib/systemd/system/certbot.timer :

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

But when running sudo certbot renew --dry-run :

marco@pc:/etc/cron.d$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

No renewals were attempted.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.) 
-------------------------------------------------------------------------------

And the last lines of /var/log/letsencrypt/letsencrypt.log are :

2019-08-02 19:20:23,112:DEBUG:certbot.main:certbot version: 0.23.0
2019-08-02 19:20:23,112:DEBUG:certbot.main:Arguments: ['--dry-run']
2019-08-02 19:20:23,112:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-08-02 19:20:23,118:DEBUG:certbot.log:Root logging level set at 20
2019-08-02 19:20:23,118:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-08-02 19:20:23,119:DEBUG:certbot.renewal:no renewal failures


marco@pc:/etc/systemd/system$ sudo certbot renew
[sudo] password for marco: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
No renewals were attempted.
-------------------------------------------------------------------------------
marco@pc:/etc/systemd/system$ 

letsencrypt.log :

2019-08-02 19:26:38,580:DEBUG:certbot.main:Arguments: []
2019-08-02 19:26:38,580:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-08-02 19:26:38,584:DEBUG:certbot.log:Root logging level set at 20
2019-08-02 19:26:38,584:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-08-02 19:26:38,585:DEBUG:certbot.renewal:no renewal failures

I realized that there is no file in /etc/letsencrypt/renewal

How to be sure that the automatic certificates renewal process is correctly set?
Looking forward to your kind help.
Marco
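
A check for the situation in this post (config directory copied onto a fresh install, `certbot renew` reporting "No renewals were attempted", nothing in /etc/letsencrypt/renewal). This is an added example, not part of the original post: it assumes the standard certbot layout of renewal/<name>.conf plus live/<name>/*.pem symlinks into archive/<name>/, and the function name and the example.test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a certbot config directory restored from a backup.
# Assumption: standard layout, renewal/<name>.conf and live/<name>/*.pem
# symlinks that point into archive/<name>/.

check_certbot_layout() {
    root="${1:-/etc/letsencrypt}"
    found=0
    problems=0
    for conf in "$root"/renewal/*.conf; do
        [ -e "$conf" ] || continue      # glob matched nothing
        found=1
        name=$(basename "$conf" .conf)
        for item in cert privkey chain fullchain; do
            pem="$root/live/$name/$item.pem"
            if [ ! -L "$pem" ]; then
                # the copy dropped the link or replaced it with a plain file
                echo "BROKEN $name: $pem is not a symlink"
                problems=$((problems + 1))
            elif [ ! -e "$pem" ]; then
                # the link survived the copy but its archive target did not
                echo "BROKEN $name: $pem points to a missing file"
                problems=$((problems + 1))
            fi
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "EMPTY no renewal/*.conf under $root; 'certbot renew' has nothing to attempt"
        return 2
    fi
    [ "$problems" -eq 0 ] || return 1
    echo "OK every lineage has its four live symlinks"
}

# Constructed demo tree: one lineage (example.test), then a dangling chain link.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/renewal" "$d/live/example.test" "$d/archive/example.test"
    check_certbot_layout "$d"                   # EMPTY, status 2
    : > "$d/renewal/example.test.conf"
    for item in cert privkey chain fullchain; do
        : > "$d/archive/example.test/${item}1.pem"
        ln -s "../../archive/example.test/${item}1.pem" "$d/live/example.test/$item.pem"
    done
    check_certbot_layout "$d"                   # OK, status 0
    rm "$d/archive/example.test/chain1.pem"
    check_certbot_layout "$d"                   # BROKEN, status 1
    rm -rf "$d"
}
demo
```

To audit a real host, call `check_certbot_layout /etc/letsencrypt` as root; a status of 2 matches the empty renewal directory reported above.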
