I have to run sudo bash ./init-letsencrypt.sh again every time to get it to renew. So I figured it must be some issue in the docker-compose.yml file.
I also tried SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null per User Guide — Certbot 2.6.0 documentation. But that didn't work either.
I tried typing in the renew command manually /bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;' and got an access error:
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpamhpwmlr/log or re-run Certbot with -v for more details.
/bin/sh: 1: wait: Illegal number: 2586308{!}
I redid it with sudo: sudo /bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;' and got this error:
I think the way you have threads permanently lock after 30 days is a really bad idea. It means we can't comment in relevant threads found via search, forcing us to make duplicate threads for similar issues. I.e., I think commenting in [Tutorial] How to Automate Let's Encrypt using Docker and Nginx would be more appropriate than making this new thread.
Were you able to check the docker logs of the certbot container?
The $$ is docker-compose escaping syntax which evaluates to $. If you want to run the command by hand, then reduce it to a single $.
Necro'ing threads from 5 years ago is something we want to avoid on this forum. Creating a new thread avoids confusing mixed conversations and avoids notifying the original posters, who are probably long gone and no longer interested.
I've been receiving emails about my cert running out. This happened before and I let it run out to see if it was just a bug but it's not. The SSL did run out and I had to run sudo bash ./init-letsencrypt.sh again.
This means that Certbot can't find any certificates to renew, which probably means that the contents of your Docker volume (./data/certbot/conf/renewal/*.conf) were deleted at some point.
Based on the timestamps in the log you linked and the fact that Certbot never even attempted any renewals, I can't think of any other explanation.
There is a file in there /data/certbot/conf/renewal/listm.humanmicrobes.org.conf. Size 684, last modified 2023/02/18, permissions -rw-r--r-- owner/group root root.
Contents:
# renew_before_expiry = 30 days
version = 2.0.0
archive_dir = /etc/letsencrypt/archive/listm.humanmicrobes.org
cert = /etc/letsencrypt/live/listm.humanmicrobes.org/cert.pem
privkey = /etc/letsencrypt/live/listm.humanmicrobes.org/privkey.pem
chain = /etc/letsencrypt/live/listm.humanmicrobes.org/chain.pem
fullchain = /etc/letsencrypt/live/listm.humanmicrobes.org/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 8--------censored--------------0
rsa_key_size = 4096
authenticator = webroot
webroot_path = /var/www/certbot,
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
[[webroot_map]]
listm.humanmicrobes.org = /var/www/certbot
Are you running the command inside the certbot container? If the volume is mounted correctly and that file exists, then certbot renew --dry-run should try to renew the certificate.
Yes I'm the admin but I'm a novice. I used various guides to get set up. For example, I deduce that the command I'm running is incorrect, and the proper one probably starts with docker-compose, but I wouldn't know what the proper command is.
Then you need to acquaint yourself with Docker, and how to run commands within its containers.
The container that handles the certificates is where you need to do your troubleshooting.
Anywhere else might as well be done from ... my system [which has zero access to yours].
FYI [in my book] these terms contradict each other:
You are either an admin or you are not.
Fear not though; we were all novices [once (or thrice)].
I have the keys to the airplane!
Doesn't make anyone "the pilot" by default.
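Added example, not part of any post in this thread: a small host-side check for the two points raised above, the `$$` compose escaping and whether the mounted volume still holds renewal configs. The service name `certbot`, the helper names and the path `./data/certbot/conf` are assumptions based on the setup described in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the compose service is
# named "certbot" and the host volume is ./data/certbot/conf.

# Undo docker-compose escaping: in a compose file "$$" means a literal "$".
# Typed by hand, sh expands "$$" to its own PID, which is why the manual run
# above failed with "wait: Illegal number: <pid>{!}".
compose_unescape() {
    printf '%s\n' "$1" | sed 's/\$\$/$/g'
}

# List the certificate lineages Certbot would consider, taken from
# <conf_dir>/renewal/*.conf. Returns 1 when there are none, which is the
# "no certificates to renew" situation described in the thread.
renewal_lineages() {
    conf_dir=$1
    found=1
    for f in "$conf_dir"/renewal/*.conf; do
        [ -f "$f" ] || continue          # glob did not match anything
        name=$(basename "$f" .conf)
        # Paths inside the file are in-container paths (/etc/letsencrypt/...),
        # so only check that a cert= line exists, not that it resolves here.
        if grep -q '^cert[[:space:]]*=' "$f"; then
            echo "$name"
            found=0
        else
            echo "warning: $f has no cert= line" >&2
        fi
    done
    return $found
}

# The renewal itself has to run where /etc/letsencrypt is the mounted volume,
# that is, inside the container rather than on the host:
#   docker-compose run --rm --entrypoint "certbot renew --dry-run" certbot
```

Run `renewal_lineages ./data/certbot/conf` from the directory that holds docker-compose.yml; an empty result with exit status 1 means the volume has no renewal configs for Certbot to act on.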