No renewals were attempted. no renewal failures


#1

Hello

I had a crontab autorenew the certificates, but something went wrong. I’m trying to find out what, but I can’t find any useful posts here. Running the command manually gives the same result.

The (crontab) command:
certbot renew --config-dir ~/.certbot/config --logs-dir ~/.certbot/logs --work-dir ~/.certbot/work

Log output:
2018-01-01 09:25:05,844:DEBUG:certbot.main:certbot version: 0.14.2
2018-01-01 09:25:05,844:DEBUG:certbot.main:Arguments: [’–config-dir’, ‘/home/beliep/.certbot/config’, ‘–logs-dir’, ‘/home/beliep/.certbot/logs’, ‘–work-dir’, ‘/home/beliep/.certbot/work’, ‘–force-renewal’, ‘-v’]
2018-01-01 09:25:05,845:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-01-01 09:25:05,859:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f614f7b4310> and installer <certbot.cli._Default object at 0x7f614f7b4310>
2018-01-01 09:25:05,859:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x7f614f7afb50>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x7f614f7af910>, apache=<certbot.cli._Default object at 0x7f614f7b4bd0>, authenticator=<certbot.cli._Default object at 0x7f614f7b4310>, break_my_certs=<certbot.cli._Default object at 0x7f614f7b4790>, cert_path=<certbot.cli._Default object at 0x7f614f799410>, certname=<certbot.cli._Default object at 0x7f614f7a0d50>, chain_path=<certbot.cli._Default object at 0x7f614f799ad0>, checkpoints=<certbot.cli._Default object at 0x7f614f7a0ad0>, config_dir=’/home/beliep/.certbot/config’, config_file=None, configurator=<certbot.cli._Default object at 0x7f614f7b4310>, csr=<certbot.cli._Default object at 0x7f614f7a0ed0>, debug=<certbot.cli._Default object at 0x7f614f7b4290>, debug_challenges=<certbot.cli._Default object at 0x7f614f7b4390>, dialog=None, domains=<certbot.cli._Default object at 0x7f614f7a0c50>, dry_run=<certbot.cli._Default object at 0x7f614f7a0e50>, duplicate=<certbot.cli._Default object at 0x7f614f7afc50>, eff_email=<certbot.cli._Default object at 0x7f614f7af290>, email=<certbot.cli._Default object at 0x7f614f7af190>, expand=<certbot.cli._Default object at 0x7f614f7af590>, force_interactive=<certbot.cli._Default object at 0x7f614f7a0b50>, fullchain_path=<certbot.cli._Default object at 0x7f614f799890>, func=<function renew at 0x7f614f88fd70>, hsts=<certbot.cli._Default object at 0x7f614f7afc10>, http01_port=<certbot.cli._Default object at 0x7f614f7b4690>, ifaces=<certbot.cli._Default object at 0x7f614f799090>, init=<certbot.cli._Default object at 0x7f614f7a08d0>, installer=<certbot.cli._Default object at 0x7f614f7b4310>, key_path=<certbot.cli._Default object at 0x7f614f799650>, logs_dir=’/home/beliep/.certbot/logs’, manual=<certbot.cli._Default object at 0x7f614f7b4ed0>, manual_auth_hook=<certbot.cli._Default object at 0x7f614f7b9150>, manual_cleanup_hook=<certbot.cli._Default object at 0x7f614f7b9290>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x7f614f7b9390>, must_staple=<certbot.cli._Default object at 0x7f614f7b4990>, nginx=<certbot.cli._Default object at 0x7f614f7b4cd0>, nginx_ctl=<certbot.cli._Default object at 0x7f614f7b95d0>, nginx_server_root=<certbot.cli._Default object at 0x7f614f7b9110>, no_bootstrap=<certbot.cli._Default object at 0x7f614f7aff50>, no_self_upgrade=<certbot.cli._Default object at 0x7f614f7afe50>, no_verify_ssl=<certbot.cli._Default object at 0x7f614f7b4490>, noninteractive_mode=<certbot.cli._Default object at 0x7f614f7a0a50>, num=<certbot.cli._Default object at 0x7f614f791c90>, os_packages_only=<certbot.cli._Default object at 0x7f614f7afd50>, post_hook=<certbot.cli._Default object at 0x7f614f791150>, pre_hook=<certbot.cli._Default object at 0x7f614f803ed0>, pref_challs=<certbot.cli._Default object at 0x7f614f803c50>, prepare=<certbot.cli._Default object at 0x7f614f7a0590>, quiet=<certbot.cli._Default object at 0x7f614f7b4090>, reason=<certbot.cli._Default object at 0x7f614f7a0cd0>, redirect=<certbot.cli._Default object at 0x7f614f7affd0>, register_unsafely_without_email=<certbot.cli._Default object at 0x7f614f7a0f50>, reinstall=<certbot.cli._Default object at 0x7f614f7af490>, renew_by_default=True, renew_hook=<certbot.cli._Default object at 0x7f614f791450>, renew_with_new_domains=<certbot.cli._Default object at 0x7f614f7af810>, rsa_key_size=<certbot.cli._Default object at 0x7f614f7b4890>, server=<certbot.cli._Default object at 0x7f614f7b4510>, staging=<certbot.cli._Default object at 0x7f614f7b4190>, standalone=<certbot.cli._Default object at 0x7f614f7b4dd0>, standalone_supported_challenges=<certbot.cli._Default object at 0x7f614f7b96d0>, staple=<certbot.cli._Default object at 0x7f614f7af450>, strict_permissions=<certbot.cli._Default object at 0x7f614f803bd0>, text_mode=<certbot.cli._Default object at 0x7f614f7a0950>, tls_sni_01_port=<certbot.cli._Default object at 0x7f614f7b4590>, tos=<certbot.cli._Default object at 0x7f614f7afa50>, uir=<certbot.cli._Default object at 0x7f614f7af7d0>, update_registration=<certbot.cli._Default object at 0x7f614f7af090>, user_agent=<certbot.cli._Default object at 0x7f614f791ed0>, validate_hooks=<certbot.cli._Default object at 0x7f614f791650>, verb=‘renew’, verbose_count=True, webroot=<certbot.cli._Default object at 0x7f614f7b4fd0>, webroot_map=<certbot.cli._Default object at 0x7f614f7b98d0>, webroot_path=<certbot.cli._Default object at 0x7f614f7b94d0>, work_dir=’/home/beliep/.certbot/work’)
2018-01-01 09:25:05,867:DEBUG:certbot.log:Root logging level set at 10
2018-01-01 09:25:05,867:INFO:certbot.log:Saving debug log to /home/beliep/.certbot/logs/letsencrypt.log
2018-01-01 09:25:05,868:DEBUG:certbot.renewal:no renewal failures

The certificates seem not to have updated. (https://crt.sh/?q=www.picture-scraps.com)

I followed advice in this post:


But I did not move the folder as was the case in that post. Content of the folder is:
www.picture-scraps.com.conf

Hope anyone can point me in the right direction?
Thx!


#2

Hi @schepens83,

What do you get from running certbot certificates?


#3

Hi Schoen

It says:

Found the following certs:
Certificate Name: www.picture-scraps.com
Domains: www.picture-scraps.com www.poesieplaatjes.nl
Expiry Date: 2017-12-30 11:12:33+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/www.picture-scraps.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.picture-scraps.com/privkey.pem


#4

And what’s the output from certbot renew?


#5

It might be a problem about overriding the directories to use ~/.certbot instead of /etc/letsencrypt because your existing certificate (or at least one version of it) is in /etc/letsencrypt. But I’m not very sure of this hypothesis.


#6

That seems to work!

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.picture-scraps.com.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.picture-scraps.com
tls-sni-01 challenge for www.poesieplaatjes.nl
nginx: [warn] duplicate MIME type “text/html” in /etc/nginx/nginx.conf:57
Waiting for verification…
Cleaning up challenges
nginx: [warn] duplicate MIME type “text/html” in /etc/nginx/nginx.conf:55
nginx: [warn] duplicate MIME type “text/html” in /etc/nginx/nginx.conf:55

new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/www.picture-scraps.com/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.picture-scraps.com/fullchain.pem (success)

I don’t see a new update here, but that might have some delay.

How can I ensure the next renewal goes well via crontab? Leave out all the flags in the command? I’m not entirely sure why I put them in in the first place, but I think it had something to do with running it via crontab. Must have followed an online tutorial somewhere…


#7

Yes, if it worked without those flags, I’d suggest removing them in your cron job too.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.