Letsencrypt not working with cron, manually it ok

suslikt1 · September 15, 2018, 5:48pm

Hi!
if I execute the command manually, it workes

cd /opt/letsencrypt
./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com

If I added an cronjob
/opt/letsencrypt/letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com
i'll get an error

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

I try to make bash

#!/bin/sh
cd /opt/letsencrypt
./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com

get same error

Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

Any help?

it's looks like solution [solved] Letsencrypt-auto working NOT in cronjob - #9 by wambacher but i don't understand how to use it.

My web server is (include version):nginx

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: linode.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

rg305 · September 15, 2018, 7:27pm

Please show:
/opt/letsencrypt/letsencrypt-auto --version

And have you tried it with sudo ?

suslikt1 · September 15, 2018, 8:52pm

certbot 0.27.1
It’s already with sudo (not works)

Osiris · September 15, 2018, 9:17pm

You should not include --renew-by-default in a cron job!

schoen · September 16, 2018, 1:56am

I definitely agree with that (I’m so sorry that I originally gave this option this name… it doesn’t mean “when necessary” but it means “right now, without asking”; the recommended name for this option has been changed to --force-renew).

I’ve just created this issue

to try to make this fact clearer!

But anyway, I don’t think that this issue is directly related to @suslikt1’s problem because including --renew-by-default in a cron job will result in hitting the issuance rate limit early… but not produce a NoInstallationError error.

@suslikt1, could you please post the log file from /var/log/letsencrypt associated with a renewal attempt that produced the NoInstallationError error?

suslikt1 · September 16, 2018, 5:52am

log.txt (4.7 KB)

suslikt1 · September 16, 2018, 5:57am

And if do it manually

    cd /opt/letsencrypt
    ./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com
    ```

it update sert but do not restart nginx

Osiris · September 16, 2018, 10:08am

True, but I thought it was worth mentioning it

schoen · September 16, 2018, 7:57pm

@bmw, can you understand this discrepancy? Could it have to do with environment variables somehow?

rg305 · September 16, 2018, 9:38pm

Can you show the same log file when it works form command line?

suslikt1 · September 17, 2018, 4:08am

letsencrypt.txt (35.3 KB)

schoen · September 18, 2018, 12:50am

The contrast seems to be whether it can find the nginx binary, which might be because your PATH variable is set differently between the two ways of running Certbot (maybe?).

You could check this by wrapping Certbot in a shell script like

#!/bin/sh

env >> /tmp/$$
exec /opt/letsencrypt/certbot-auto "$@"

and then seeing what the environment variables that appear in the numerically-named files in /tmp look like.

Or, is it clear that nginx is installed somewhere that isn’t in the default PATH set by cron?

suslikt1 · September 18, 2018, 5:02am

nginx is installed by that instruction

I’m afraid to use sertbot (last time was Certbot kill nginx)

schoen · September 18, 2018, 6:05pm

Please try to figure out whether nginx is or isn’t in a location specified by your PATH when run from crontab. You could use the wrapper shell script that I suggested as one possibility.

suslikt1 · September 19, 2018, 8:47am

I do next:
in console type

echo $PATH

copy result to a cron PATH

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
/opt/letsencrypt/certbot-auto --nginx renew

not shure what it's a right way, but it works

schoen · September 19, 2018, 4:11pm

That’s great!

(You don’t need to specify --nginx in the renew command because that’s saved in the renewal configuration in /etc/letsencrypt/renewal.)

suslikt1 · September 19, 2018, 4:38pm

without --nginx command get an error

Attempting to renew cert (site.org) from /etc/letsencrypt/renewal/site.org.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.

schoen · September 19, 2018, 4:57pm

I see, it was probably obtained with --standalone then. In this case you could edit the renewal configuration file and change the authenticator from standalone to nginx, or you could renew once with certonly to change it. (Or you could just keep --nginx in your renewal script.)

system · October 19, 2018, 4:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.