Letsencrypt renew script fails as crontab, but runs over ssh


#1

Hi,

i wrote a renew script for letencrypt and it is working perfectly, if I run it in a Root-SSH-session:

#!/bin/bash

log=/root/letsencrypt-cron.log
output=$(/opt/letsencrypt/letsencrypt-auto renew)
success=$(printf "$output" | grep 'success')
failure=$(printf "$output" | grep 'failure')
now=$(date)

# restart Services
if [[ $success != "" ]]
then
    service apache2 reload
    service postfix reload
fi

# log
if [[ $success != "" && $failure == "" ]] # All succeeded
then
    mailsubject="[`hostname`] Certificate renewal: SUCCESSFUL"
    printf "[$now] Renewal succeeded for the following certificates:\n$success\n" >> $log
elif [[ $failure != "" && $success == "" ]] # All failed
then
    mailsubject="[`hostname`] Certificate renewal: FAILED"
    printf "[$now] Renewal failed for the following certificates:\n$failure\n" >> $log
elif [[ $success != "" && $failure != "" ]] # Some succeeded, some failed
then
    mailsubject="[`hostname`] Certificate renewal: FAILED"
    printf "[$now]\nRenewal succeeded for the following certificates:\n$success\nRenewal failed for the following certificates:\n$failure\n" >> $log
else
    printf "[$now] No certificates were renewed\n" >> $log
fi

if [[ $success != "" || $failure != "" ]]
then
    printf "$now\n\n$output" | mail -s "$mailsubject" mail@address.de
fi

Now to the problem: I set the same script with crontab -e (run as root) and there it is failing. If I login and run the script manually then it works perfectly as I said.

my line in crontab -e:
0 4 * * 0,4 bash /root/letsencrypt-renew.sh


#2

How is it failing ? typically it’s because your path isn’t the same as when you are logged in.

In your cron, you shouldn’t need the “bash” you should be able to just use

0 4 * * 0,4 /root/letsencrypt-renew.sh

assuming your script has execute permissions. If not, run

chmod 700 /root/letsencrypt-renew.sh


#3

I can’t believe, that I did a mistake that is so dumb… I forgot to set the permissions, now it should work, thank you.


#4

Unfortunately it didn’t work, the log says this:

2016-06-26 02:00:02,116:DEBUG:certbot.main:Root logging level set at 30
2016-06-26 02:00:02,116:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-06-26 02:00:02,117:DEBUG:certbot.main:certbot version: 0.8.1
2016-06-26 02:00:02,117:DEBUG:certbot.main:Arguments: []
2016-06-26 02:00:02,117:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-06-26 02:00:02,137:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f6c0bbe7b50> and installer <certbot.cli._Default object at 0x7f6c0bbe7b50>
2016-06-26 02:00:02,137:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7f6c0bbe7590>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x7f6c0bbe7350>, apache=<certbot.cli._Default object at 0x7f6c0bbe7950>, apache_challenge_location=<certbot.cli._Default object at 0x7f6c0bb70690>, apache_ctl=<certbot.cli._Default object at 0x7f6c0bb70950>, apache_dismod=<certbot.cli._Default object at 0x7f6c0bbb7bd0>, apache_enmod=<certbot.cli._Default object at 0x7f6c0bbb7dd0>, apache_handle_modules=<certbot.cli._Default object at 0x7f6c0bb70390>, apache_handle_sites=<certbot.cli._Default object at 0x7f6c0bb70090>, apache_init_script=<certbot.cli._Default object at 0x7f6c0bb70a90>, apache_le_vhost_ext=<certbot.cli._Default object at 0x7f6c0bbb7a10>, apache_server_root=<certbot.cli._Default object at 0x7f6c0bbb76d0>, apache_vhost_root=<certbot.cli._Default object at 0x7f6c0bbb0f50>, authenticator=<certbot.cli._Default object at 0x7f6c0bbe7b50>, break_my_certs=<certbot.cli._Default object at 0x7f6c0bbe7e90>, cert_path=<certbot.cli._Default object at 0x7f6c0bb707d0>, chain_path=<certbot.cli._Default object at 0x7f6c0bbeab90>, checkpoints=<certbot.cli._Default object at 0x7f6c0bb702d0>, config_dir=<certbot.cli._Default object at 0x7f6c0bbea990>, config_file=None, configurator=<certbot.cli._Default object at 0x7f6c0bbe7b50>, csr=<certbot.cli._Default object at 0x7f6c0bb701d0>, debug=<certbot.cli._Default object at 0x7f6c0bbe7a90>, dialog_mode=<certbot.cli._Default object at 0x7f6c0bbb7950>, domains=<certbot.cli._Default object at 0x7f6c0bbb7e50>, dry_run=<certbot.cli._Default object at 0x7f6c0bbb7a50>, duplicate=<certbot.cli._Default object at 0x7f6c0bbe7690>, email=<certbot.cli._Default object at 0x7f6c0bbb7d50>, expand=<certbot.cli._Default object at 0x7f6c0bbe7090>, fullchain_path=<certbot.cli._Default object at 0x7f6c0bbead90>, func=<function renew at 0x7f6c0c159c80>, hsts=<certbot.cli._Default object at 0x7f6c0bbea3d0>, http01_port=<certbot.cli._Default object at 0x7f6c0bbe7d90>, ifaces=<certbot.cli._Default object at 0x7f6c0bb705d0>, init=<certbot.cli._Default object at 0x7f6c0bb703d0>, installer=<certbot.cli._Default object at 0x7f6c0bbe7b50>, key_path=<certbot.cli._Default object at 0x7f6c0bbeaf50>, logs_dir=<certbot.cli._Default object at 0x7f6c0bbea590>, manual=<certbot.cli._Default object at 0x7f6c0bbe7310>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7f6c0bb70e90>, manual_test_mode=<certbot.cli._Default object at 0x7f6c0bb70d90>, must_staple=<certbot.cli._Default object at 0x7f6c0bbea0d0>, nginx=<certbot.cli._Default object at 0x7f6c0bbe7750>, no_self_upgrade=<certbot.cli._Default object at 0x7f6c0bbe7890>, no_verify_ssl=<certbot.cli._Default object at 0x7f6c0bbe7b90>, noninteractive_mode=<certbot.cli._Default object at 0x7f6c0bbb7850>, num=<certbot.cli._Default object at 0x7f6c0bbeaf90>, os_packages_only=<certbot.cli._Default object at 0x7f6c0bbe7790>, post_hook=<certbot.cli._Default object at 0x7f6c0bbeabd0>, pre_hook=<certbot.cli._Default object at 0x7f6c0bbeaad0>, prepare=<certbot.cli._Default object at 0x7f6c0bb704d0>, quiet=<certbot.cli._Default object at 0x7f6c0bbe7990>, redirect=<certbot.cli._Default object at 0x7f6c0bbea1d0>, register_unsafely_without_email=<certbot.cli._Default object at 0x7f6c0bbb7b50>, reinstall=<certbot.cli._Default object at 0x7f6c0bbb7f50>, renew_by_default=<certbot.cli._Default object at 0x7f6c0bbe7250>, renew_hook=<certbot.cli._Default object at 0x7f6c0bbeacd0>, rsa_key_size=<certbot.cli._Default object at 0x7f6c0bbe7f90>, server=<certbot.cli._Default object at 0x7f6c0bbea390>, staging=<certbot.cli._Default object at 0x7f6c0bbea190>, standalone=<certbot.cli._Default object at 0x7f6c0bbe7550>, standalone_supported_challenges=<certbot.cli._Default object at 0x7f6c0bb70b90>, staple=<certbot.cli._Default object at 0x7f6c0bbea7d0>, strict_permissions=<certbot.cli._Default object at 0x7f6c0bbea9d0>, text_mode=<certbot.cli._Default object at 0x7f6c0bbb7750>, tls_sni_01_port=<certbot.cli._Default object at 0x7f6c0bbe7c90>, tos=<certbot.cli._Default object at 0x7f6c0bbe7490>, uir=<certbot.cli._Default object at 0x7f6c0bbea5d0>, update_registration=<certbot.cli._Default object at 0x7f6c0bbb7c50>, user_agent=<certbot.cli._Default object at 0x7f6c0bb700d0>, validate_hooks=<certbot.cli._Default object at 0x7f6c0bbeadd0>, verb='renew', verbose_count=<certbot.cli._Default object at 0x7f6c0bbb7650>, webroot=<certbot.cli._Default object at 0x7f6c0bbe7150>, webroot_map=<certbot.cli._Default object at 0x7f6c0bb70c90>, webroot_path=<certbot.cli._Default object at 0x7f6c0bbb7f10>, work_dir=<certbot.cli._Default object at 0x7f6c0bbea790>)
2016-06-26 02:00:02,143:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2016-07-12 06:46:00 UTC.
2016-06-26 02:00:02,143:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2016-06-26 02:00:02,158:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer None
2016-06-26 02:00:02,166:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): 
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 105, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 161, in prepare
    raise errors.NoInstallationError
NoInstallationError
2016-06-26 02:00:02,167:DEBUG:certbot.plugins.selection:No candidate plugin
2016-06-26 02:00:02,167:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2016-06-26 02:00:02,167:INFO:certbot.main:Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
2016-06-26 02:00:02,168:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/mail1.domain.tld.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.
2016-06-26 02:00:02,168:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 346, in renew_all_lineages
    main.obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 546, in obtain_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/selection.py", line 196, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/selection.py", line 273, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

2016-06-26 02:00:02,168:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 744, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 584, in renew
    renewal.renew_all_lineages(config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py", line 363, in renew_all_lineages
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

On a successful renewal it says this:

2016-06-20 13:10:07,180:DEBUG:certbot.main:Root logging level set at 30
2016-06-20 13:10:07,180:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-06-20 13:10:07,181:DEBUG:certbot.main:certbot version: 0.8.1
2016-06-20 13:10:07,181:DEBUG:certbot.main:Arguments: []
2016-06-20 13:10:07,181:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-06-20 13:10:07,211:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f67aa67bb90> and installer <certbot.cli._Default object at 0x7f67aa67bb90>
2016-06-20 13:10:07,211:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7f67aa67b5d0>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x7f67aa67b390>, apache=<certbot.cli._Default object at 0x7f67aa67b990>, apache_challenge_location=<certbot.cli._Default object at 0x7f67aa6046d0>, apache_ctl=<certbot.cli._Default object at 0x7f67aa604990>, apache_dismod=<certbot.cli._Default object at 0x7f67aa64ac10>, apache_enmod=<certbot.cli._Default object at 0x7f67aa64ae10>, apache_handle_modules=<certbot.cli._Default object at 0x7f67aa6043d0>, apache_handle_sites=<certbot.cli._Default object at 0x7f67aa6040d0>, apache_init_script=<certbot.cli._Default object at 0x7f67aa604ad0>, apache_le_vhost_ext=<certbot.cli._Default object at 0x7f67aa64aa50>, apache_server_root=<certbot.cli._Default object at 0x7f67aa64a710>, apache_vhost_root=<certbot.cli._Default object at 0x7f67aa644e90>, authenticator=<certbot.cli._Default object at 0x7f67aa67bb90>, break_my_certs=<certbot.cli._Default object at 0x7f67aa67bed0>, cert_path=<certbot.cli._Default object at 0x7f67aa604810>, chain_path=<certbot.cli._Default object at 0x7f67aa67ebd0>, checkpoints=<certbot.cli._Default object at 0x7f67aa604310>, config_dir=<certbot.cli._Default object at 0x7f67aa67e9d0>, config_file=None, configurator=<certbot.cli._Default object at 0x7f67aa67bb90>, csr=<certbot.cli._Default object at 0x7f67aa604210>, debug=<certbot.cli._Default object at 0x7f67aa67bad0>, dialog_mode=<certbot.cli._Default object at 0x7f67aa64a990>, domains=<certbot.cli._Default object at 0x7f67aa64ae90>, dry_run=<certbot.cli._Default object at 0x7f67aa64aa90>, duplicate=<certbot.cli._Default object at 0x7f67aa67b6d0>, email=<certbot.cli._Default object at 0x7f67aa64ad90>, expand=<certbot.cli._Default object at 0x7f67aa67b0d0>, fullchain_path=<certbot.cli._Default object at 0x7f67aa67edd0>, func=<function renew at 0x7f67aabefc80>, hsts=<certbot.cli._Default object at 0x7f67aa67e410>, http01_port=<certbot.cli._Default object at 0x7f67aa67bdd0>, ifaces=<certbot.cli._Default object at 0x7f67aa604610>, init=<certbot.cli._Default object at 0x7f67aa604410>, installer=<certbot.cli._Default object at 0x7f67aa67bb90>, key_path=<certbot.cli._Default object at 0x7f67aa67ef90>, logs_dir=<certbot.cli._Default object at 0x7f67aa67e5d0>, manual=<certbot.cli._Default object at 0x7f67aa67b350>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7f67aa604ed0>, manual_test_mode=<certbot.cli._Default object at 0x7f67aa604dd0>, must_staple=<certbot.cli._Default object at 0x7f67aa67e110>, nginx=<certbot.cli._Default object at 0x7f67aa67b790>, no_self_upgrade=<certbot.cli._Default object at 0x7f67aa67b8d0>, no_verify_ssl=<certbot.cli._Default object at 0x7f67aa67bbd0>, noninteractive_mode=<certbot.cli._Default object at 0x7f67aa64a890>, num=<certbot.cli._Default object at 0x7f67aa67efd0>, os_packages_only=<certbot.cli._Default object at 0x7f67aa67b7d0>, post_hook=<certbot.cli._Default object at 0x7f67aa67ec10>, pre_hook=<certbot.cli._Default object at 0x7f67aa67eb10>, prepare=<certbot.cli._Default object at 0x7f67aa604510>, quiet=<certbot.cli._Default object at 0x7f67aa67b9d0>, redirect=<certbot.cli._Default object at 0x7f67aa67e210>, register_unsafely_without_email=<certbot.cli._Default object at 0x7f67aa64ab90>, reinstall=<certbot.cli._Default object at 0x7f67aa64af90>, renew_by_default=<certbot.cli._Default object at 0x7f67aa67b290>, renew_hook=<certbot.cli._Default object at 0x7f67aa67ed10>, rsa_key_size=<certbot.cli._Default object at 0x7f67aa67bfd0>, server=<certbot.cli._Default object at 0x7f67aa67e3d0>, staging=<certbot.cli._Default object at 0x7f67aa67e1d0>, standalone=<certbot.cli._Default object at 0x7f67aa67b590>, standalone_supported_challenges=<certbot.cli._Default object at 0x7f67aa604bd0>, staple=<certbot.cli._Default object at 0x7f67aa67e810>, strict_permissions=<certbot.cli._Default object at 0x7f67aa67ea10>, text_mode=<certbot.cli._Default object at 0x7f67aa64a790>, tls_sni_01_port=<certbot.cli._Default object at 0x7f67aa67bcd0>, tos=<certbot.cli._Default object at 0x7f67aa67b4d0>, uir=<certbot.cli._Default object at 0x7f67aa67e610>, update_registration=<certbot.cli._Default object at 0x7f67aa64ac90>, user_agent=<certbot.cli._Default object at 0x7f67aa604110>, validate_hooks=<certbot.cli._Default object at 0x7f67aa67ee10>, verb='renew', verbose_count=<certbot.cli._Default object at 0x7f67aa64a690>, webroot=<certbot.cli._Default object at 0x7f67aa67b190>, webroot_map=<certbot.cli._Default object at 0x7f67aa604cd0>, webroot_path=<certbot.cli._Default object at 0x7f67aa64af50>, work_dir=<certbot.cli._Default object at 0x7f67aa67e7d0>)
2016-06-20 13:10:07,219:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2016-07-12 06:46:00 UTC.
2016-06-20 13:10:07,219:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2016-06-20 13:10:07,239:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer None
2016-06-20 13:10:07,714:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x7f67aaab3f50>
Prep: True
2016-06-20 13:10:07,715:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x7f67aaab3f50> and installer None
[...]

#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.