Need to renew the SSL Certificate automatically

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cosec.intellore.com

I ran this command: certbot renew

It produced this output: Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-lywy5cfq/log or re-run Certbot with -v for more details.

My web server is (include version): Null

The operating system my web server runs on is (include version): Windows and certbot running as docker container

I can login to a root shell on my machine (yes or no, or I don't know): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I have made a cron expression for auto-renewal; the cron expression is:
0 0 * * * certbot renew --dry-run
but still it shows: Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-lywy5cfq/log or re-run Certbot with -v for more details.
I have only 10 days for my expiry of certificate.

Let's Encrypt logs:
cat /var/log/letsencrypt/letsencrypt.log
2023-09-04 09:50:26,328:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-09-04 09:50:26,328:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2023-09-04 09:50:26,328:DEBUG:certbot._internal.main:Arguments: ['--manual', '--preferred-challenges=dns', '--email', 'subbugan@intel.com', '--agree-tos', '-d', 'cosec.intellore.com']
2023-09-04 09:50:26,328:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-09-04 09:50:26,348:DEBUG:certbot._internal.log:Root logging level set at 30
2023-09-04 09:50:26,380:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2023-09-04 09:50:26,385:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7fe55a43b700>
Prep: True
2023-09-04 09:50:26,385:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7fe55a43b700> and installer None
2023-09-04 09:50:26,386:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2023-09-04 09:50:26,528:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1193879247', new_authzr_uri=None, terms_of_service=None), cfef4057d83ddad37b3c7c8de83f92b3, Meta(creation_dt=datetime.datetime(2023, 7, 6, 14, 1, 18, tzinfo=), creation_host='c3af7d1b8d1d', register_to_eff=None))>
2023-09-04 09:50:26,528:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-09-04 09:50:26,530:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-09-04 09:50:27,322:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-09-04 09:50:27,322:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 04 Sep 2023 09:50:27 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"XWrQaib0aL0": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"

Sounds like you need to try to find that other instance of certbot. Under something Unix-y, I'd suggest something like ps aux | grep certbot, but I really wouldn't know where to start under Windows--maybe with the task manager? But if you're running under Windows, you might be better off with a different client, one that's actually designed for Windows.

4 Likes

Now that is an interesting mix of things...

What O/S is running in that container?
And why would it already be running an [other] instance of certbot?

3 Likes

The container runs on Linux OS.
No, this was the only Docker container for certbot.

3 Likes

I have added the crontab for renewal.


So in the logs it shows to deploy a DNS TXT record under the name _acme-challenge.cosec.intellore.com with the value.

After changing the value, we verified by checking that the DNS record value is updated for the domain.

It shows as updated, but when I check the expiration date, it is still showing the old data?

Please provide a better solution to resolve this issue.

@danb35 @rg305 please provide a better solution for the latest mentioned problem.

There is no cron running in that container, unless you override the entrypoint (crond -f -d XXX, where XXX is the loglevel, 0 through 8). BusyBox - The Swiss Army Knife of Embedded Linux

But if I read correctly, you used --manual with DNS validation; there is no automating that (unless you can script the challenge).

As for:

Check if your docker volumes are mounted in other certbot containers.

4 Likes

This does "nothing":
It shouldn't be included in any cron jobs.

Show:
certbot certificates

3 Likes

When I run certbot certificates, it shows

How can I renew my certificate?

Oh. :man_facepalming:

If that container is running, of course another instance of certbot is already running. It's the container entrypoint. You should not run commands like that, but with docker run. Don't forget to mount the appropriate volumes. Otherwise, you can override the entrypoint once again, with /bin/sh

4 Likes

To resolve this issue where another instance is running, we need to delete the .certbot.lock file from the directories /var/lib/letsencrypt and /var/log/letsencrypt.
I renewed the certificate manually. Is there any possible way to auto-renew?

There might be.

Problem one: Find where the other instance of certbot is being started.
And why it doesn't end.

2 Likes
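
Added example, not part of any post in this thread and not Certbot's own code: a Python probe that reports whether a live process still holds the .certbot.lock files mentioned above, without deleting them. It assumes Certbot's Linux behaviour of holding an exclusive fcntl.lockf() lock on the file; the function names and the /etc/letsencrypt default are assumptions of this example.

```python
"""Probe Certbot lock files without deleting them (added example)."""
import errno
import fcntl
import os
import sys

LOCK_NAME = ".certbot.lock"  # lock file name quoted in the thread
# The last two directories are named in the thread; /etc/letsencrypt is assumed
# here as Certbot's default configuration directory.
DEFAULT_DIRS = ("/etc/letsencrypt", "/var/lib/letsencrypt", "/var/log/letsencrypt")


def lock_state(directory):
    """Return 'absent', 'no-access', 'free' or 'held' for the lock file."""
    path = os.path.join(directory, LOCK_NAME)
    try:
        fd = os.open(path, os.O_RDWR)
    except FileNotFoundError:
        return "absent"
    except PermissionError:
        return "no-access"
    try:
        # Assumption: Certbot holds an exclusive fcntl.lockf() lock, so a
        # non-blocking attempt fails while another process owns it.
        fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as exc:
        if exc.errno in (errno.EACCES, errno.EAGAIN):
            return "held"
        raise
    finally:
        os.close(fd)  # closing the descriptor also drops the probe's own lock
    return "free"


def survey(directories=DEFAULT_DIRS):
    """Map each directory to the state of its lock file."""
    return {d: lock_state(d) for d in directories}


def running_instance_suspected(directories=DEFAULT_DIRS):
    """True when any lock is held, i.e. some process is still alive."""
    return "held" in survey(directories).values()


if __name__ == "__main__":
    dirs = sys.argv[1:] or DEFAULT_DIRS
    for directory, state in survey(dirs).items():
        print(f"{state:9} {os.path.join(directory, LOCK_NAME)}")
    sys.exit(1 if running_instance_suspected(dirs) else 0)
```

Run it inside the container that shares the Certbot volumes. A "held" result means the process to look for is still running; once the file is removed the probe reports "absent" even while that process is alive.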

You first need to understand that running certbot inside a container is something you should only do if you know what it means.

I need to reiterate this: by default, the certbot container is for running one-off commands, there is no crontab or crond that keeps the container running. The container will simply exit when the command exits.

I don't know if the image has an alternative entrypoint for running cron.

4 Likes
