I can't be doing this right?

I feel I need a little handholding here. I'm struggling with my second ever renewal:

I use certbot to renew my certificate on a headless Pi4 running (among other things) Home Assistant.

Is it certbot renew, or something else?

My notes from my last renewal say I used sudo certbot renew --force-renewal but that seems a bit brute force and IIRC that led to all sorts of permissions issues with my HA install which I had to manually fix. In any event the non sudo version doesn't seem to work (see (1) below)

There is also some kind of issue with a (related? service) which I spotted when I looked at running services. (see (2) below)

My domain is: https://13qw.duckdns.org

(1) I ran this command:

$ certbot renew

It produced this output:

The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ql7edyrl/log or re-run Certbot with -v for more details.

(2) I also ran this command:

systemctl list-units --type=service

It produced this output:

snap.certbot.renew.service                        loaded failed failed

My web server is (include version): I'm not sure. I'm a Home Assistant user.

The operating system my web server runs on is (include version):

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

My hosting provider, if applicable, is: duckdns

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

Why are you not running certbot as root? That's the standard practice. I assume you could run it as non-root but you'd have to spend quite a while adjusting file/directory ownerships and permisions so it can do everything that it needs to do

2 Likes

Maybe I need to trust my old notes: I just remember all sorts of manual faff needing to happen to permissions for my HA instance last time.

Will try that again

Does "sudo certbot renew" show the same error?

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.