Revoke cert and it tries and renews

Can we see what Certbot command that job is running?

Dear Mr Schoen.

We revoke a certificate for drgreggpoquetteblog.com

There are not entries for drgreggpoquetteblog.com under any of the directories
/etc/letsencrypt/*

In the mail for the cron job, I see this
No certificate found with name drgreggpoquetteblog.com (expected /etc/letsencrypt/renewal/drgreggpoquetteblog.com.conf)

The system does not give me the “There are not entries …” message ever again, so the system does cleanup after itself.

The start of the 98kb lestencrypt.log

2019-09-18 06:34:47,314:DEBUG:certbot.main:certbot version: 0.31.0
2019-09-18 06:34:47,316:DEBUG:certbot.main:Arguments: [’-q’]
2019-09-18 06:34:47,317:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-09-18 06:34:47,330:DEBUG:certbot.log:Root logging level set at 30
2019-09-18 06:34:47,331:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-09-18 06:34:47,368:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f7b410ab208> and installer <certbot.cli._Default object at 0x7f7b410ab208>
2019-09-18 06:34:47,413:INFO:certbot.renewal:Cert not yet due for renewal
2019-09-18 06:34:47,414:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-09-18 06:34:47,435:INFO:certbot.renewal:Cert not yet due for renewal

The entry from the “prior” days log for drgreggpoquetteblog

2019-09-18 06:26:33,162:DEBUG:certbot.main:certbot version: 0.31.0
2019-09-18 06:26:33,163:DEBUG:certbot.main:Arguments: [’-n’, ‘–cert-path’, ‘/etc/letsencrypt/live/drgreggpoquetteblog.com/cert.pem’, ‘–reason’, ‘superseded’]
2019-09-18 06:26:33,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-09-18 06:26:33,181:DEBUG:certbot.log:Root logging level set at 20
2019-09-18 06:26:33,182:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-09-18 06:26:33,183:DEBUG:certbot.main:Revoking /etc/letsencrypt/live/drgreggpoquetteblog.com/cert.pem using Account Key
2019-09-18 06:26:33,189:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-09-18 06:26:33,191:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-09-18 06:26:33,288:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-09-18 06:26:33,288:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 18 Sep 2019 11:26:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Sep 2019 11:26:33 GMT
Connection: keep-alive

{
“4yKmgcGpsWg”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2019-09-18 06:26:33,289:DEBUG:certbot.main:Reason code for revocation: 4
2019-09-18 06:26:33,289:DEBUG:acme.client:Requesting fresh nonce
2019-09-18 06:26:33,289:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-09-18 06:26:33,422:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-09-18 06:26:33,422:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002k00dUk1Jht4RKA49KETZCQO5g5ew6DwnBXDpLT-Y_-0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Wed, 18 Sep 2019 11:26:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Sep 2019 11:26:33 GMT
Connection: keep-alive

2019-09-18 06:26:33,423:DEBUG:acme.client:Storing nonce: 0002k00dUk1Jht4RKA49KETZCQO5g5ew6DwnBXDpLT-Y_-0
2019-09-18 06:26:33,423:DEBUG:acme.client:JWS payload:
b’{\n “resource”: “revoke-cert”,\n “certificate”: “MIIFgzCCBGugAwIBAgISA43z1c619oY7ovAb92Tf_md6MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA4MTMxNjMxNThaFw0xOTExMTExNjMxNThaMCIxIDAeBgNVBAMTF2RyZ3JlZ2dwb3F1ZXR0ZWJsb2cuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5QOle56XtTvzuh7lX8vi2oIU5YXOc0i2P22MB-epoaeUWAqK1GOjJdzjJBcsdN1HZTmbdiJ-bvMFESCjG4-zx-NzRRZDQ52uYwp9S83jkMjb5KaSVSKOCdrd0feTAz3YvJ10rIYZPJTOh-RniuIbvAuYRypjNhYSScNCkD3YG-iHpdES7k8rqBq9u9AgsHgH_UPLK3yHSaX7WAOeVGbUdDQLQnAbr5NtIdo-N1cUoVchZIhSBkmCLoIWAgmjWPmTICOyegSVDd1Vvb95AlW8y_j6xHpcgmENLKiQC8yPXX3hgT22j0aaLfsl4ZuQcGgpuhFGM6MjYyjdEMt6HzT2wIDAQABo4ICiTCCAoUwDgYDVR0PAQH_BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQSqOH_xSTjJL40eA5xhv18BrD9zjAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMD8GA1UdEQQ4MDaCF2RyZ3JlZ2dwb3F1ZXR0ZWJsb2cuY29tght3d3cuZHJncmVnZ3BvcXVldHRlYmxvZy5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDiaUuuJujpQAnohhu2O4PUPuf-dIj7pI8okwGd3fHb_gAAAWyMCVd_AAAEAwBHMEUCIQCCMAghs85kMCudTwjOc9o7UPnWd-UAyAj8fvm72Y7NLgIgSqoRAJGJ0e0dWUbn2agACqNmPQTV6KVrkFswiK48zwwAdgBj8tvN6DvMLM8LcoQnV2szpI1hd4-9daY4scdoVEvYjQAAAWyMCVlpAAAEAwBHMEUCIGZ8AFcfL5E3hlCvAo6uAgWIxDbO94QrZk9rdj6i3y3ZAiEA9iOlePxsfZ3AA2rfJ-knENgimAs-pTdTSDpNCgfON3kwDQYJKoZIhvcNAQELBQADggEBAHVWBivqIRzGIpK44n2S2miTDFCA9kFK2py9ODCmglMQ9dPM6iyfUaTcXC6xb0gJoX4lU48FLN00v9BYCsBCJ7OQDdTRLTKk8H8JCFDpBAj4g0w9Nlr4u65L_1hZfz5XWlTiqqusx-JCLy5Kfa0Ld0egMgkNQP2GBm8zHhTZYFW0577WitccMQUIAh_JHUO8sibksFbMhoxLg5PVoztiIc_Cg0XnX1qO7W8ye0KoTulQ_nU1lmwwB4oIMODNTBLfzrKABnf2yc8DGJGl9VbBlVxnzSNJLZs3pj3a_wc3ZVZhhzz0EskEnALDDUbk58aNOazXm7gbtzLbAIsgpPjkZdk”,\n “reason”: 4\n}’
2019-09-18 06:26:33,427:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/revoke-cert:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNTc2NzgyMjciLCAibm9uY2UiOiAiMDAwMmswMGRVazFKaHQ0UktBNDlLRVRaQ1FPNWc1ZXc2RHduQlhEcExULVlfLTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3Jldm9rZS1jZXJ0In0”,
“signature”: “WKOLHrycbytbmrD3VlDau4LDRRHFYcvfZm35hKKt6qtwFCdsrqjnIIZ1nhO8Mqx6WYEkHTlO_NldcXeyvvnlX77CHmPSpiwtt4iuAFzpaGsLYV5ONTPr35h_OU_b9yCxPTaE2JEA8iDeLpCFlwUflkCtD995f6E_QnMdK4VDoPRha-SK7czqhqn9hhJsbtOlimyup9txJneVeXlkDnpKyyZGL-V_pRS1CqV_-gvMqSFpDHhOU1-VeqnQkVZXy8n0b448VqxyCCwbwKm0KaIubWuIOLbzEQTZW_E4b7EsLzzDSh8KDWPM74r_Xr2PN8KXT5-NC9vAkoracp7DoV8xeQ”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJyZXZva2UtY2VydCIsCiAgImNlcnRpZmljYXRlIjogIk1JSUZnekNDQkd1Z0F3SUJBZ0lTQTQzejFjNjE5b1k3b3ZBYjkyVGZfbWQ2TUEwR0NTcUdTSWIzRFFFQkN3VUFNRW94Q3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MU1aWFFuY3lCRmJtTnllWEIwTVNNd0lRWURWUVFERXhwTVpYUW5jeUJGYm1OeWVYQjBJRUYxZEdodmNtbDBlU0JZTXpBZUZ3MHhPVEE0TVRNeE5qTXhOVGhhRncweE9URXhNVEV4TmpNeE5UaGFNQ0l4SURBZUJnTlZCQU1URjJSeVozSmxaMmR3YjNGMVpYUjBaV0pzYjJjdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXQ1UU9sZTU2WHRUdnp1aDdsWDh2aTJvSVU1WVhPYzBpMlAyMk1CLWVwb2FlVVdBcUsxR09qSmR6akpCY3NkTjFIWlRtYmRpSi1idk1GRVNDakc0LXp4LU56UlJaRFE1MnVZd3A5UzgzamtNamI1S2FTVlNLT0NkcmQwZmVUQXozWXZKMTBySVlaUEpUT2gtUm5pdUlidkF1WVJ5cGpOaFlTU2NOQ2tEM1lHLWlIcGRFUzdrOHJxQnE5dTlBZ3NIZ0hfVVBMSzN5SFNhWDdXQU9lVkdiVWREUUxRbkFicjVOdElkby1OMWNVb1ZjaFpJaFNCa21DTG9JV0FnbWpXUG1USUNPeWVnU1ZEZDFWdmI5NUFsVzh5X2o2eEhwY2dtRU5MS2lRQzh5UFhYM2hnVDIyajBhYUxmc2w0WnVRY0dncHVoRkdNNk1qWXlqZEVNdDZIelQyd0lEQVFBQm80SUNpVENDQW9Vd0RnWURWUjBQQVFIX0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJRU3FPSF94U1RqSkw0MGVBNXhodjE4QnJEOXpqQWZCZ05WSFNNRUdEQVdnQlNvU21wakJIM2R1dWJST2JlbVJXWHY4Nmpzb1RCdkJnZ3JCZ0VGQlFjQkFRUmpNR0V3TGdZSUt3WUJCUVVITUFHR0ltaDBkSEE2THk5dlkzTndMbWx1ZEMxNE15NXNaWFJ6Wlc1amNubHdkQzV2Y21jd0x3WUlLd1lCQlFVSE1BS0dJMmgwZEhBNkx5OWpaWEowTG1sdWRDMTRNeTVzWlhSelpXNWpjbmx3ZEM1dmNtY3ZNRDhHQTFVZEVRUTRNRGFDRjJSeVozSmxaMmR3YjNGMVpYUjBaV0pzYjJjdVkyOXRnaHQzZDNjdVpISm5jbVZuWjNCdmNYVmxkSFJsWW14dlp5NWpiMjB3VEFZRFZSMGdCRVV3UXpBSUJnWm5nUXdCQWdFd053WUxLd1lCQkFHQzN4TUJBUUV3S0RBbUJnZ3JCZ0VGQlFjQ0FSWWFhSFIwY0RvdkwyTndjeTVzWlhSelpXNWpjbmx3ZEM1dmNtY3dnZ0VFQmdvckJnRUVBZFo1QWdRQ0JJSDFCSUh5QVBBQWRnRGlhVXV1SnVqcFFBbm9oaHUyTzRQVVB1Zi1kSWo3cEk4b2t3R2QzZkhiX2dBQUFXeU1DVmRfQUFBRUF3QkhNRVVDSVFDQ01BZ2hzODVrTUN1ZFR3ak9jOW83VVBuV2QtVUF5QWo4ZnZtNzJZN05MZ0lnU3FvUkFKR0owZTBkV1VibjJhZ0FDcU5tUFFUVjZLVnJrRnN3aUs0OHp3d0FkZ0JqOHR2TjZEdk1MTThMY29RblYyc3pwSTFoZDQtOWRhWTRzY2RvVkV2WWpRQUFBV3lNQ1ZscEFBQUVBd0JITUVVQ0lHWjhBRmNmTDVFM2hsQ3ZBbzZ1QWdXSXhEYk85NFFyWms5cmRqNmkzeTNaQWlFQTlpT2xlUHhzZlozQUEycmZKLWtuRU5naW1Bcy1wVGRUU0RwTkNnZk9OM2t3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUhWV0JpdnFJUnpHSXBLNDRuMlMybWlUREZDQTlrRksycHk5T0RDbWdsTVE5ZFBNNml5ZlVhVGNYQzZ4YjBnSm9YNGxVNDhGTE4wMHY5QllDc0JDSjdPUURkVFJMVEtrOEg4SkNGRHBCQWo0ZzB3OU5scjR1NjVMXzFoWmZ6NVhXbFRpcXF1c3gtSkNMeTVLZmEwTGQwZWdNZ2tOUVAyR0JtOHpIaFRaWUZXMDU3N1dpdGNjTVFVSUFoX0pIVU84c2lia3NGYk1ob3hMZzVQVm96dGlJY19DZzBYblgxcU83Vzh5ZTBLb1R1bFFfblUxbG13d0I0b0lNT0ROVEJMZnpyS0FCbmYyeWM4REdKR2w5VmJCbFZ4bnpTTkpMWnMzcGozYV93YzNaVlpoaHp6MEVza0VuQUxERFViazU4YU5PYXpYbTdnYnR6TGJBSXNncFBqa1pkayIsCiAgInJlYXNvbiI6IDQKfQ”
}
2019-09-18 06:26:33,930:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/revoke-cert HTTP/1.1” 200 0
2019-09-18 06:26:33,930:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Length: 0
Boulder-Requester: 57678227
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001DaHDW9s1L8SuwG4Aq_MSfZEpZq0pZuyYuXjapjhkqUg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 18 Sep 2019 11:26:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 18 Sep 2019 11:26:33 GMT
Connection: keep-alive

2019-09-18 06:26:33,931:DEBUG:acme.client:Storing nonce: 0001DaHDW9s1L8SuwG4Aq_MSfZEpZq0pZuyYuXjapjhkqUg
2019-09-18 06:26:36,141:DEBUG:certbot.storage:Removed /etc/letsencrypt/renewal/drgreggpoquetteblog.com.conf
2019-09-18 06:26:36,177:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com/cert.pem
2019-09-18 06:26:36,177:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com/privkey.pem
2019-09-18 06:26:36,177:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com/chain.pem
2019-09-18 06:26:36,177:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com/fullchain.pem
2019-09-18 06:26:36,179:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com/README
2019-09-18 06:26:36,211:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com
2019-09-18 06:26:36,221:DEBUG:certbot.storage:Removed /etc/letsencrypt/archive/drgreggpoquetteblog.com
2019-09-18 06:26:36,933:DEBUG:certbot.main:certbot version: 0.31.0
2019-09-18 06:26:36,935:DEBUG:certbot.main:Arguments: [’-n’, ‘–cert-name’, ‘drgreggpoquetteblog.com’]
2019-09-18 06:26:36,936:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-09-18 06:26:36,952:DEBUG:certbot.log:Root logging level set at 20
2019-09-18 06:26:36,957:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-09-18 06:26:36,958:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1024, in delete
cert_manager.delete(config)
File “/usr/lib/python3/dist-packages/certbot/cert_manager.py”, line 95, in delete
storage.delete_files(config, certname)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 316, in delete_files
renewal_filename = renewal_file_for_certname(config, certname)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 53, in renewal_file_for_certname
“{1}).”.format(certname, path))
certbot.errors.CertStorageError: No certificate found with name drgreggpoquetteblog.com (expected /etc/letsencrypt/renewal/drgreggpoquetteblog.com.conf).

My logs

Revoking certifcates for : /etc/letsencrypt for entries in /var/www/html/wip/certs/1-deletes-2019-09-18.dat
Deleting Vhost files in : /etc/apache2/sites-enabled for entries in /var/www/html/wip/certs/1-deletes-2019-09-18.dat
asite : drgreggpoquetteblog

cmd1: certbot revoke -n --cert-path /etc/letsencrypt/live/drgreggpoquetteblog.com/cert.pem --reason superseded
opA1
Array
(
[0] =>
[1] => - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[2] => Deleted all files relating to certificate drgreggpoquetteblog.com.
[3] => - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[4] =>
[5] => - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[6] => Congratulations! You have successfully revoked the certificate that was located
[7] => at /etc/letsencrypt/live/drgreggpoquetteblog.com/cert.pem
[8] =>
[9] => - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
)

iretval1 0 opS1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


cmd1: certbot delete -n --cert-name drgreggpoquetteblog.com
opA1
Array
(
)

iretval1 0 opS2


tst for revokes Array
(
)

Deleted file /etc/apache2/sites-enabled/drgreggpoquetteblog-le-ssl.conf

Deleted file /etc/apache2/sites-enabled/drgreggpoquetteblog.conf

I think I found the problem

MY SWAG (silly wild assed guess) The letsencrypt renewal cron job and my maintenance cron job are running concurrently. In my case, the job can run for up to 60 seconds. This step takes 40 seconds certbot certificates >certs.out

019-09-18 06:26:36,211:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/drgreggpoquetteblog.com
2019-09-18 06:26:36,221:DEBUG:certbot.storage:Removed /etc/letsencrypt/archive/drgreggpoquetteblog.com
2019-09-18 06:26:36,933:DEBUG:certbot.main:certbot version: 0.31.0
2019-09-18 06:26:36,935:DEBUG:certbot.main:Arguments: [’-n’, ‘–cert-name’, ‘drgreggpoquetteblog.com’]
2019-09-18 06:26:36,936:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-09-18 06:26:36,952:DEBUG:certbot.log:Root logging level set at 20
2019-09-18 06:26:36,957:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-09-18 06:26:36,958:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1024, in delete
cert_manager.delete(config)
File “/usr/lib/python3/dist-packages/certbot/cert_manager.py”, line 95, in delete
storage.delete_files(config, certname)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 316, in delete_files
renewal_filename = renewal_file_for_certname(config, certname)
File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 53, in renewal_file_for_certname
“{1}).”.format(certname, path))
certbot.errors.CertStorageError: No certificate found with name drgreggpoquetteblog.com (expected /etc/letsencrypt/renewal/drgreggpoquetteblog.com.conf).

@bmw is there a way for external scripts to acquire (and respect) Certbot’s locks so that they can exclude each other from running?

It would be possible, but I would consider Certbot’s lockfiles as something internal to Certbot that could change at any time and I would not recommend trying to use them in external programs. In fact, we talked about changing how they work not that long ago (see https://github.com/certbot/certbot/issues/6785). If you have a custom script that needs to be synchronized with Certbot to prevent both from running at the same time, I recommend providing that synchronization yourself. To update Certbot’s renewal timer to do this, you could either customize the cron job or potentially make use of hooks depending on your needs.

That may not be necessary though. Are you sure that the error message you’re seeing is coming from the renew cron job rather than your custom script? The reason I’m asking is that running certbot revoke -n deletes the certificate after revoking it. Then when you run certbot delete, you will get the error you’ve provided as well as the traceback which shows Certbot erroring while running the delete code rather than trying to renew your certificates.

Okay, let us say this is the best guess at this point. My cron job is causing the fatal

this is the problem

certbot delete -n --cert-name drgreggpoquetteblog.com

because - revoke gets rid of everything?

So if I remove the delete, everything is ok?

Why would you fatal if something was not found?
see File “/usr/lib/python3/dist-packages/certbot/storage.py”, line 53, in renewal_file_for_certname
“{1}).”.format(certname, path))
certbot.errors.CertStorageError

see renew job start

2019-09-18 06:34:47,316:DEBUG:certbot.main:Arguments: [’-q’]
is after fatal
2019-09-18 06:26:36,958:DEBUG:certbot.log:Exiting abnormally:

I know it is a common error msg; but, you could mention search for Exiting abnormally: in troubleshooting

It would be nice to have an easy way to not run the jobs concurrently. In my case, setting up a hook is another level of work that I would rather avoid. Some of us do not have complete test systems to work with.

I appreciate all the help I have gotten from letsencrypt. My situation, with name based hosting and 500 certs is a little different.

Unless you can find a logfile showing that error from the certbot -q renew run I think so!

Because Certbot failed to do what you asked it to. This behavior is similar to something like:

$ rm foo
rm: cannot remove 'foo': No such file or directory
$ echo $?
1

I personally don’t think it’s the right place for Certbot to provide synchronization options for your custom code. There are many other options and libraries that do this and I think code specifically for this purpose would do a better job of giving you the reliability and flexibility in behavior that you may want instead of trying to repurpose Certbot’s simple lockfiles used internally.

1 Like

Thank you for all your help. I wish I would have found this sooner. I usually try and tie an error message back to an action. Like error in certbot delete, or abnormal exit in certbot delete, instead of issuing a file not found. Having this message show up in mail threw me off
No certificate found with name drjacobsadighonline.com (expected /etc/letsencrypt/renewal/drjacobsadighonline.com.conf).

But shame on me.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.