Letsencrypt not working with cron, manually it ok


#1

Hi!
if I execute the command manually, it workes

cd /opt/letsencrypt
./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com

If I added an cronjob
/opt/letsencrypt/letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com
i’ll get an error

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

I try to make bash

#!/bin/sh
cd /opt/letsencrypt
./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com

get same error

Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

Any help?

it’s looks like solution [solved] Letsencrypt-auto working NOT in cronjob but i don’t understand how to use it.

My web server is (include version):nginx

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: linode.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


#2

Please show:
/opt/letsencrypt/letsencrypt-auto --version

And have you tried it with sudo ?


#3

certbot 0.27.1
It’s already with sudo (not works)


#4

You should not include --renew-by-default in a cron job!


#5

I definitely agree with that (I’m so sorry that I originally gave this option this name… it doesn’t mean “when necessary” but it means “right now, without asking”; the recommended name for this option has been changed to --force-renew).

I’ve just created this issue

to try to make this fact clearer!

But anyway, I don’t think that this issue is directly related to @suslikt1’s problem because including --renew-by-default in a cron job will result in hitting the issuance rate limit early… but not produce a NoInstallationError error.

@suslikt1, could you please post the log file from /var/log/letsencrypt associated with a renewal attempt that produced the NoInstallationError error?


#6

log.txt (4.7 KB)


#7

And if do it manually

    cd /opt/letsencrypt
    ./letsencrypt-auto certonly --nginx --renew-by-default -d site.com -d www.site.com
    ```

it update sert but do not restart nginx

#8

True, but I thought it was worth mentioning it :slight_smile:


#9

@bmw, can you understand this discrepancy? Could it have to do with environment variables somehow?


#10

Can you show the same log file when it works form command line?


#11

letsencrypt.txt (35.3 KB)


#12

The contrast seems to be whether it can find the nginx binary, which might be because your PATH variable is set differently between the two ways of running Certbot (maybe?).

You could check this by wrapping Certbot in a shell script like

#!/bin/sh

env >> /tmp/$$
exec /opt/letsencrypt/certbot-auto "$@"

and then seeing what the environment variables that appear in the numerically-named files in /tmp look like.

Or, is it clear that nginx is installed somewhere that isn’t in the default PATH set by cron?


#13

nginx is installed by that instruction

I’m afraid to use sertbot (last time was Certbot kill nginx)


#14

Please try to figure out whether nginx is or isn’t in a location specified by your PATH when run from crontab. You could use the wrapper shell script that I suggested as one possibility.


#15

I do next:
in console type

echo $PATH

copy result to a cron PATH

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
/opt/letsencrypt/certbot-auto --nginx renew

not shure what it’s a right way, but it works


#16

That’s great!

(You don’t need to specify --nginx in the renew command because that’s saved in the renewal configuration in /etc/letsencrypt/renewal.)


#17

without --nginx command get an error

Attempting to renew cert (site.org) from /etc/letsencrypt/renewal/site.org.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.


#18

I see, it was probably obtained with --standalone then. In this case you could edit the renewal configuration file and change the authenticator from standalone to nginx, or you could renew once with certonly to change it. (Or you could just keep --nginx in your renewal script.)


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.