I can't be doing this right?

I feel I need a little handholding here. I'm struggling with my second ever renewal:

I use certbot to renew my certificate on a headless Pi4 running (among other things) Home Assistant.

Is it certbot renew, or something else?

My notes from my last renewal say I used sudo certbot renew --force-renewal but that seems a bit brute force and IIRC that led to all sorts of permissions issues with my HA install which I had to manually fix. In any event the non sudo version doesn't seem to work (see (1) below)

There is also some kind of issue with a (related? service) which I spotted when I looked at running services. (see (2) below)

My domain is: https://13qw.duckdns.org

(1) I ran this command:

$ certbot renew

It produced this output:

The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-ql7edyrl/log or re-run Certbot with -v for more details.

(2) I also ran this command:

systemctl list-units --type=service

It produced this output:

snap.certbot.renew.service                        loaded failed failed

My web server is (include version): I'm not sure. I'm a Home Assistant user.

The operating system my web server runs on is (include version):

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION="11 (bullseye)"

My hosting provider, if applicable, is: duckdns

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

Why are you not running certbot as root? That's the standard practice. I assume you could run it as non-root but you'd have to spend quite a while adjusting file/directory ownerships and permisions so it can do everything that it needs to do


Maybe I need to trust my old notes: I just remember all sorts of manual faff needing to happen to permissions for my HA instance last time.

Will try that again

Does "sudo certbot renew" show the same error?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.