Renewal fails in cron, works on CLI

mattflanzer · April 5, 2019, 6:53pm

When renewing with cerbot through cron, I’m getting this error:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/fountainpartners.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewal configuration file /etc/letsencrypt/renewal/fountainpartners.com.conf (cert: fountainpartners.com) produced an unexpected error: 'Namespace' object has no attribute 'dns_digitalocean_propagation_seconds'. Skipping.

If I use sudo from command line, everything works fine.

Any thoughts?

My domain is: fountainpartners.com

My web server is (include version):
Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS

My hosting provider, if applicable, is:
DO

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.26.1

mnordhoff · April 5, 2019, 7:15pm

This isn't very helpful, but that's a pretty old version of Certbot.

Try upgrading? "sudo apt update && sudo apt upgrade"?

Could there be multiple separate Certbot installs, getting mixed and matched in different ways due to different environment variables? If so, cleaning that up would be a good idea, and might fix this problem.

How did you install Certbot?

How did you install certbot-dns-digitalocean?

Can you post "dpkg -l '*certbot*'"?

mattflanzer · April 5, 2019, 7:29pm

Thanks! I’ll try updating, for sure. I’m also trying now to specify the DO plugin in the crontab. Not sure why that would be needed when it’s not on the command line, but I will know when the cron executes tomorrow morning. I’ll report back here

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                      Version                          Architecture Description
+++-=========================-================================-============-=================================================
ii  certbot                   0.26.1-1+ubuntu18.04.1+certbot+2 all          automatically configure HTTPS using Let's Encrypt
ii  python-certbot-apache     0.31.0-1+ubuntu18.04.1+certbot+1 all          transitional dummy package
un  python-certbot-apache-doc <none>                           <none>       (no description available)
un  python-certbot-doc        <none>                           <none>       (no description available)
un  python-certbot-nginx      <none>                           <none>       (no description available)
ii  python3-certbot           0.26.1-1+ubuntu18.04.1+certbot+2 all          main library for certbot
ii  python3-certbot-apache    0.31.0-1+ubuntu18.04.1+certbot+1 all          Apache plugin for Certbot
un  python3-certbot-nginx     <none>                           <none>       (no description available)

mnordhoff · April 5, 2019, 7:46pm

So Certbot was installed using the PPA, but two of the Certbot packages are quite out of date and out of sync with the others.

Plus, python3-certbot-dns-digitalocean isn’t installed at all, which means it must be installed some other way, and its version might also be out of sync.

I guess you should upgrade your packages, apt install python3-certbot-dns-digitalocean, and hunt down the other copy of the DigitalOcean plugin and delete it (carefully).

(The python3-certbot-dns-digitalocean package is version 0.23.0, but it’s supposed to be. The plugin hasn’t changed recently and the PPA is managed in a compatible way.)

mattflanzer · April 7, 2019, 6:35pm

Success!

Thank you very much.

I installed python3-certbot-dns-digitalocean specifically and upgraded to certbot 0.31.0. Using apt-get on Ubuntu 18.04 LTS doesn’t seem to upgrade properly, but apt works correctly. Finally specifying --dns-digitalocean with cron script did the trick.

I can’t recall for certain, but I believe initially I simply followed the instructions on Digital Ocean. Those steps work for command line, but didn’t once I added the renew script to cron.

system · May 7, 2019, 6:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.