I have setup a cronjob for renewals, and although the cron will run, it will never renew the cert. it always returns the following in the log file (replaced mydomain with dummy):
Processing /etc/letsencrypt/renewal/mydomain.conf
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain/fullchain.pem (failure)
This is not a cronjob problem per se (as far as I can tell) because it does issue the command, it does run, and it logs. It simply will never actually renew the cert.
In the shell directly, if I issue the command, it will work and properly renew.
I already did, I don’t think it applies since my cron runs just fine. There is no error msg related to the command not being able to run as in your other thread.
The fact that command starts does not necessarily mean it successfully runs (to clarify - the process might start, spawn or attempt to spawn an external process relying on particular environment variables to be present, return from that with an exit code indicating the failure and terminate). Change the command to
I agree with you that you’ve got a different problem here, since indeed that output is from the letsencrypt client code running.
However, I think the 2>&1 trick (what that does is send the output named stderr, used for errors, to join the standard output) is still a good idea, and also you might consider, while debugging trouble at least, adding -v -v -v to the command itself which will increase the verbosity (ie spew more detailed output)
slightly off topic but nice to know - I use 2>&1 if I’m piping the output, but if there’s a redirect to a logfile, it’s shorter and clearer to run command &>> logfile.log.