Renew works from command line but not from system crontab


#1

Please fill out the fields below so we can help you better.

My domain is: admin.kalkulisto.net

I ran this command: /home/baby/soft/letsencrypt/certbot-auto renew --noninteractive (from system crontab)
It produced this output:
2016-07-19 03:41:02,945:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/admin.kalkulisto.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.

My operating system is (include version): Ubuntu Server 14.04.4

My web server is (include version): Apache 2.4.7-1ubuntu4.9

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi. I added a simple file in /etc/cron.d called letsencrypt-certbot_renew-all in order to automatically renew the certificates about to expire once a month.

The only line in the crontab file looks like:

41 3 19 * * root /home/baby/soft/letsencrypt/certbot-auto renew --noninteractive

That is, run the script as root every 19th of the month at 3:41.

However, whenever there IS a renewable ceritifcate, I get a message with this error from crontab:

2016-07-19 03:41:02,945:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/admin.kalkulisto.net.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/totales.com.ar.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/admin.kalkulisto.net.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/123-probando.kalkulisto.com.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/totales.com.ar/fullchain.pem (skipped)
  /etc/letsencrypt/live/123-probando.kalkulisto.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/admin.kalkulisto.net/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

It seems to imply that the apache plugin is not installed (which it is). In fact, after getting the message I log in as root (sudo -i), run the EXACT same command and it works like a charm:

root@abako:/etc/cron.d# /home/baby/soft/letsencrypt/certbot-auto renew --noninteractive

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/totales.com.ar.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/admin.kalkulisto.net.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/admin.kalkulisto.net/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/123-probando.kalkulisto.com.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/totales.com.ar/fullchain.pem (skipped)
  /etc/letsencrypt/live/123-probando.kalkulisto.com/fullchain.pem (skipped)
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/admin.kalkulisto.net/fullchain.pem (success)
root@abako:/etc/cron.d# 

I think there may be something missing in the environment but I don’t know what.


#2

Very common cause here is inadequate PATH variable in the cron environment. You could spend a while figuring out exactly what path elements are important, but a shortcut is to type

printenv PATH

in the environment where it works, and copy that value into a new PATH variable (or replacing an old one) at the top of the cron file

PATH=/blah/blah:/more/things/that/you/got/from/printenv

NB Don’t just copy what I wrote - it’s nonsense, you need to copy from a working value of PATH

I can’t guarantee that’s the problem, but there’s a good chance.


All renewal attempts failed. certbot.main:Could not choose appropriate plugin
#3

Thank you. Gonna try it.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.