Hi!
I am running OS X Server version 10.11.4 as a web server host (using Apache managed by the OS X Server app) and I installed certbot using this command in the terminal:
brew install certbot
Everything went ok and certbot was installed successfully.
Now I can create new SSL certificates and update them using the "sudo certbot renew" command, and everything is OK with that - I just need to use "sudo" before the command, as I think it is supposed to be!
My websites are secured and working well with these certificates.
The problem was when I tried to create a cronjob to automatically renew my certificates: I can't use the "sudo" word in the cronjob because it will ask me for the password when the job is fired. Because of that, I created a cronjob as root using this command:
sudo crontab -e
... and I created this every-minute job (just for testing... afterwards I will fire it only twice a day):
*/1 * * * * sh /Volumes/HD2/letsencrypt/renew_all.sh
My "renew_all.sh" file is:
#!/bin/sh
DOMAIN_DEFAULT="bizeepro.no-ip.org"
PEM_FOLDER="/etc/letsencrypt/live/${DOMAIN_DEFAULT}/"
LOG_FOLDER="/Volumes/HD2/letsencrypt/logs"
DATE=$(date +"%d-%m-%Y %H_%M_%S")
LOG_FILE="${LOG_FOLDER}/${DATE}.log"
# Retrieve certificate
sudo certbot renew --manual-public-ip-logging-ok --agree-tos > "$LOG_FILE" 2>&1
# Check that everything went fine
LE_STATUS=$?
if [ "$LE_STATUS" != 0 ]; then
    echo Automated Get certificate failed:
    # The log file name contains a space (from DATE), so it must be quoted
    cat "$LOG_FILE"
    exit 1
fi
# Generate a passphrase
PASS=$(openssl rand -base64 45 | tr -d /=+ | cut -c -30)
# Transform the pem files into a OS X Valid p12 file
sudo openssl pkcs12 -export -inkey "${PEM_FOLDER}privkey.pem" -in "${PEM_FOLDER}cert.pem" -certfile "${PEM_FOLDER}fullchain.pem" -out "${PEM_FOLDER}letsencrypt_sslcert.p12" -passout pass:$PASS
# import the p12 file in keychain
sudo security import "${PEM_FOLDER}letsencrypt_sslcert.p12" -f pkcs12 -k /Library/Keychains/System.keychain -P $PASS -T /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle/Contents/MacOS/servermgrd
The script is being executed every minute but it is giving me this error (I can see that in the log file):
"sudo: certbot: command not found"
It seems that, because the cronjob is being executed in root mode, the certbot command is not being found. I already tried to remove "sudo" and leave only "certbot renew --manual-public-ip-logging-ok --agree-tos > $LOG_FILE 2>&1" and the problem is the same --> the error message is "certbot: command not found".
If, in the terminal, I execute the script manually, like this:
sh renew_all.sh
I get this:
unable to write 'random state'
1 identity imported.
2 certificates imported.
However, if i execute the command in the terminal as root, it works well:
sudo certbot renew
The result is:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/bizeepro.no-ip.org.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/gestclinic.ddns.net.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/bizeepro.no-ip.org/fullchain.pem (skipped)
/etc/letsencrypt/live/gestclinic.ddns.net/fullchain.pem (skipped)
I know this is a common question but I already searched 1000 pages related to this problem and I can't figure out how to solve it. I don't understand why the command works in root mode after writing "sudo certbot renew" in the terminal, and doesn't work in root mode when it is executed by the cronjob.
Can anybody help me with this problem please?
Thank you very much!
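
An added example, not part of the original post: cron starts jobs with a minimal PATH (assumed here to be /usr/bin:/bin), so a tool installed under a Homebrew prefix (assumed /usr/local/bin) resolves in a login shell but not in the job. Because the job runs as root, the sketch below also refuses a binary that a non-root user could replace; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths and names are assumptions.
CRON_PATH="/usr/bin:/bin"   # assumed default PATH that cron gives a job

# Print the first executable named $1 in the colon-separated list $2.
find_in_path() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            IFS=$_old_ifs; printf '%s\n' "$_dir/$1"; return 0
        fi
    done
    IFS=$_old_ifs; return 1
}

# True if $1 (symlinks followed) is owned by user $2 and is not
# writable by group or other.
locked_down() {
    [ -n "$(find -L "$1" -prune -user "$2" ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Resolve tool $1 for a root job: cron's PATH first, then directory $2.
# Returns 1 if the tool is missing, 2 if the file or its directory could
# be modified by anyone other than owner $3 (default: root).
resolve_for_root() {
    _owner=${3:-root}
    _hit=$(find_in_path "$1" "$CRON_PATH:$2") || {
        echo "$1: not found in $CRON_PATH:$2" >&2; return 1; }
    if locked_down "$_hit" "$_owner" &&
       locked_down "$(dirname "$_hit")" "$_owner"; then
        printf '%s\n' "$_hit"
    else
        echo "$_hit: modifiable by a user other than $_owner" >&2; return 2
    fi
}

# Usage inside a root cron script (hypothetical Homebrew prefix):
#   CERTBOT=$(resolve_for_root certbot /usr/local/bin) || exit 1
#   "$CERTBOT" renew
```

For a symlinked binary the check covers the link's target and the directory holding the link, not the directory holding the target.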