How To Make Autorenewal Work For RHEL?

My domain is: corequery.uk, and the certificate is a PEM-encoded SAN certificate for this and two other domains (insurgent.info and exstocktra.de).

My web server is: Apache 2.4 running on Fedora 29 with full root shell access and no control panel. The current Certbot version is: 0.31.0

The problem is that I cannot get autorenew working properly. To the best of my knowledge, from several guides on the subject, I just need an /etc/crontab entry with the following:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

…and everything should just work. Unfortunately it does not, and I am seeing this entry in the cron log file:

Apr 3 12:00:01 localhost crond[890]: (python) ERROR (getpwnam() failed - user unknown)

I have an idea of what is happening, but no idea on what needs fixing or where to find it. Can anyone help with this, please?

That might help perhaps - https://stackoverflow.com/questions/41861683/getpwnam-failed-in-bin-sh-only-when-called-from-cron


Thanks. According to those directions, my /etc/crontab is now amended to the following:

0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

I will check the log files again later on Friday and see if the amendment has been effective or not.

Oh yeah, /etc/crontab is special this way. If you use crontab -e to edit root’s crontab, it doesn’t have the special username field.

Alternatively, there’s a way to do this in crontab that doesn’t require python.

0 0,12 * * * root sleep $(( $RANDOM \% 3600 )) ; certbot renew

@schoen @mproto: thanks. At the moment I have the entry shown below in the log file (so it is looking good); but I have made a note of both the alternative methods and will experiment with them should I have any further issues with this.

Apr 5 12:00:01 localhost CROND[3552]: (root) CMD (python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew)
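
The /etc/crontab user-field problem diagnosed in this thread can be caught before cron runs the job. The following is an added example, not code from any poster or from Certbot: a small linter that checks the user field of each system-crontab entry against the account database. The function names and the sample text are assumptions made for illustration; the sample reuses the two entries from the thread.

```python
import pwd
import re

# Lines that are not job entries: blanks, comments, VAR=value assignments.
_SKIP = re.compile(r"^\s*(#|$|[A-Za-z_][A-Za-z0-9_]*\s*=)")
_NICKNAMES = {"@reboot", "@yearly", "@annually", "@monthly", "@weekly",
              "@daily", "@midnight", "@hourly"}


def _system_user_exists(name):
    """Account lookup via getpwnam; KeyError is the 'getpwnam() failed' case."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def lint_system_crontab(text, user_exists=_system_user_exists):
    """Return (line_number, user_field, message) for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if _SKIP.match(line):
            continue
        fields = line.split()
        # Five time fields, or a single @nickname, precede the user field.
        user_index = 1 if fields[0] in _NICKNAMES else 5
        if len(fields) <= user_index + 1:
            findings.append((lineno, None, "too few fields for a system crontab entry"))
            continue
        user = fields[user_index]
        if not user_exists(user):
            findings.append((lineno, user, "user field is not an account; "
                             "the command probably starts where the user name belongs"))
    return findings


# Constructed sample: the two entries from the thread, before and after the fix.
SAMPLE = """\
SHELL=/bin/bash
# certbot renewal
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
"""

if __name__ == "__main__":
    for lineno, user, msg in lint_system_crontab(SAMPLE):
        print(f"line {lineno}: {user!r}: {msg}")
```

This check applies only to /etc/crontab and files under /etc/cron.d; per-user crontabs edited with crontab -e have no user field.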
