Renewal hangs, never times out

clifmo · March 1, 2025, 4:28pm

My domain is: program.youimpact.com

certbot renew --dry-run --verbose

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/program.youimpact.com.conf

Certificate is due for renewal, auto-renewing...

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

nginx -v
nginx version: nginx/1.22.1

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.2.0

I need to know if the active DNS Connectivity Issue could be related to why my SSL auto-renewal process is failing today. My website certificate expired today and the process to renew hangs indefinitely when attempting to auto-renew.

certbot renew --dry-run --verbose Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/program.youimpact.com.conf

Certificate is due for renewal, auto-renewing...

"/var/log/letsencrypt/letsencrypt.log" 15L, 1796B 13,1 All 2025-03-01 11:04:04,880:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97 2025-03-01 11:04:04,981:DEBUG:certbot._internal.main:certbot version: 3.2.0 2025-03-01 11:04:04,981:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4412/bin/certbot 2025-03-01 11:04:04,981:DEBUG:certbot._internal.main:Arguments: ['--dry-run', '--verbose', '--preconfigured-renewal'] 2025-03-01 11:04:04,981:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2025-03-01 11:04:05,018:DEBUG:certbot._internal.log:Root logging level set at 20 2025-03-01 11:04:05,020:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/program.youimpact.com.conf 2025-03-01 11:04:05,021:DEBUG:certbot.configuration:Var server=https://acme-staging-v02.api.letsencrypt.org/directory (set by user). 2025-03-01 11:04:05,021:DEBUG:certbot.configuration:Var account=None (set by user). 2025-03-01 11:04:05,021:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None 2025-03-01 11:04:05,021:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None 2025-03-01 11:04:05,031:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2025-03-01 09:29:28 UTC. 2025-03-01 11:04:05,031:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing... 2025-03-01 11:04:05,031:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx 2025-03-01 11:07:30,513:ERROR:certbot._internal.log:Exiting due to user request.

clifmo · March 1, 2025, 4:29pm

Hosting provider is Linode

Bruce5051 · March 1, 2025, 6:04pm

Hello @clifmo, welcome to the Let's Encrypt community.

Presently a very recent certificate is being served

I assume you have resolved the issue(s).

clifmo · March 1, 2025, 7:55pm

Yes I resolved it manually however the auto renew issue persists.

Bruce5051 · March 2, 2025, 9:55pm

Hi @clifmo,

Please show the output of grep certbot /etc/crontab

clifmo · March 2, 2025, 10:07pm

The output of that command is blank. Here's the command that's stuck running.

ps -ef | grep "certb"

root 850427 1 0 Mar01 ? 00:00:00 /var/lib/snapd/snap/certbot/4412/bin/python3 -s /snap/certbot/4412/bin/certbot -q renew

Bruce5051 · March 2, 2025, 10:39pm

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

orangepizza · March 3, 2025, 4:43am

-q option after certbot silences output, can you remove it and let cron run again?

clifmo · March 3, 2025, 10:17pm

It's not in Cron at all. It's a systemd service running a snap command certbot.renew. Regardless it's not the job that's the issue, renew does not work when i trigger it manually in exactly the same way, and I provided the full output in OP for certbot renew --dry-run --verbose

[Unit]

Auto-generated, DO NOT EDIT

Description=Service for snap application certbot.renew
Requires=var-lib-snapd-snap-certbot-4412.mount
Wants=network.target
After=var-lib-snapd-snap-certbot-4412.mount network.target snapd.apparmor.service
X-Snappy=yes

[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
SyslogIdentifier=certbot.renew
Restart=no
WorkingDirectory=/var/snap/certbot/4412
TimeoutStopSec=30
Type=oneshot

casestry · March 4, 2025, 6:49am

I have this exact same issue, with a very similar setup to yours (nginx 1.2x, certbot 3.2.0, etc), where renewal just hangs, but never errors/times out.

How did you resolve your problem manually?

Topic		Replies	Views
Certbot hangs on auto and manual renewal, but never errors out Help	4	20	March 4, 2025
Renewal failure to due apparent hang during connection Help	6	1982	April 23, 2020
Certbot renewal / multiple certs hang on last renewal Server	4	2045	December 31, 2017
Renewal Connection Timeout, But my domain is configured properly and accessible Help	6	1543	September 27, 2017
Sudo certbot renew hangs forever Help	5	2161	December 21, 2020

Renewal hangs, never times out

certbot renew --dry-run --verbose

ps -ef | grep "certb"

Auto-generated, DO NOT EDIT

Related topics