Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
dsatoolkit.ddnsfree.com

I ran this command:
sudo /opt/local/bin/certbot renew

It produced this output:
with sudo:

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

without sudo:

The following error was encountered:
[Errno 13] Permission denied: '/Users/loucapo/letsencrypt/logs/letsencrypt.log'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-565h53zr/log or re-run Certbot with -v for more details.

My web server is (include version):
NodeJS approx v14, with express

The operating system my web server runs on is (include version):
OSX 10.13.6 High Sierra

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.9.0

I couldnt find anything in the server that lead me in the right direction. Any help is greatly appreciated.

Basically i cant get it to autorenew bc of the errors listed above. these occur when my cron job runs.

Thanks!

the first error is likely because sudo isn't configured to run for the user without a password. you can search for general "sudo osx" information to get that to work.

usually people will use one of two options:
1- invoke binary on the root crontab, not a user
2- create a new user/group that has privileges for the directories, and run as that user/group

the second error is because certbot is running as a user that can not access those files.

if you were on linux, the best solution is running as root.

since you're on osx, it's a bit of pain IMHO. personally, I just invoke certbot as my normal user and use the commandline flags to specify an alternate directory structure instead of /etc/letsencrypt:

make a userspace certbot directory

mkdir -p ~/certbot/config
mkdir -p ~/certbot/work
mkdir -p ~/certbot/logs

run certbot like this

certbot \
--config-dir=~/certbot/config \
--work-dir=~/certbot/work \
--logs-dir=~/certbot/logs \
{commands/flags}

That's my personal preference. It works across all OSX versions, while doing things by correctly leveraging the OS is apt to change every few releases because that's just what apple does.

thanks for the tips!

so number one sounds easier, lol and so thats what i would like to do. i just dont know how to do that and my google searching is failing bc i am probably using the wrong terms.

Start with:
man crontab

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.