I am not getting it - Crontab Certbot Renew

Server
1

Hi Everybody

CentOS 7 Server with Nginx.

I don’t get it. I have not found a solution for my problem, so I hope the post is ok.

When I run the command to renew my Letsencrypt certificates, all works as expected.

sudo /usr/bin/certbot renew

But I would like to run certbot renew via a Cronjob.
So I am adding to the Crontab.

sudo crontab -e

01 21 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log

The logfile /var/log/letsencrypt/renew.log continously shows every day that the certificate is still valid, that the certificate is not due for renewal. The day it becomes due for renawl, I get an error message. “All renewal attempts failed”.

What could be the reason for this?

Processing /etc/letsencrypt/renewal/cloud.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/cloud.example.com/fullchain.pem expires on 2019-04-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cloud.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/cloud.example.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The Error Message in /var/log/letsencrypt/letsencrypt.log is the following:

The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.",). Skipping.

So I am checking where nginx is installed, or the Path to nginx:

command -v nginx

/usr/sbin/nginx

And I am checking, that this Path is corerectly added to /etc/crontab:

cat /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

Looks good, the the directory /usr/sbin is listed under PATH. So it should work in my opinion - this is why I am not getting it.

My other Crontabs like for “Yum update” and others work as expected. Just CERTBOT RENEW doesn’t.

Does someone think it’s possible to help me? Do I have to add the PATH somewhere else as well?

Thanks a lot in advance for any helo,

Chris

2

I think, the PATH in /etc/crontab is different from the PATH in crontab -e. Does it help if you add it at the top of the file you edit with sudo crontab -e?

2 Likes
3

I can’t believe it: that seems to have been it!

I added in the first line of crontab -e

PATH=/sbin:/bin:/usr/sbin:/usr/bin

After that the certbot renew was successful via crontab for the first time. :wink:

Thanks a lot for your help. I hope it will help someone else as well.

(I also hope it does not affect my other cronjobs :crazy_face:)

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.