[solved] Letsencrypt-auto working NOT in cronjob

Hi,

mattermost asked me to renew my LE-certificates using following command:
"/srv/letsencrypt/letsencrypt-auto certonly --reinstall --nginx -d mattermost.openstreetmap.de"

this is workinkg fine when i do that as a command in shell, it does not work running it as cron.
of course, i want to use cron.

running log (running as root):

2017-12-16 17:28:06,289:DEBUG:certbot.main:certbot version: 0.20.0
2017-12-16 17:28:06,289:DEBUG:certbot.main:Arguments: [’–reinstall’, ‘–nginx’, ‘-d’, ‘osmbc.openstreetmap.de’]
2017-12-16 17:28:06,289:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,Plug
inEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-12-16 17:28:06,313:DEBUG:certbot.log:Root logging level set at 20
2017-12-16 17:28:06,314:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-12-16 17:28:06,315:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2017-12-16 17:28:06,765:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7fe3f1d970d0>
Prep: True
2017-12-16 17:28:06,766:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha

not running log (running as root cron):

2018-03-03 14:54:02,726:DEBUG:certbot.main:certbot version: 0.21.1
2018-03-03 14:54:02,727:DEBUG:certbot.main:Arguments: [’–reinstall’, ‘–nginx’, ‘-d’, ‘mattermost.openstreetmap.de’]
2018-03-03 14:54:02,727:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,Plug
inEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-03-03 14:54:02,757:DEBUG:certbot.log:Root logging level set at 20
2018-03-03 14:54:02,758:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-03-03 14:54:02,764:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-03-03 14:54:02,772:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 130, in prepare
self._initialized.prepare()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py”, line 125, in prepare
raise errors.NoInstallationError
NoInstallationError
2018-03-03 14:54:02,773:DEBUG:certbot.plugins.selection:No candidate plugin

cron (running as root):

54 15 3 3 * /srv/letsencrypt/letsencrypt-auto certonly --reinstall --nginx -d mattermost.openstreetmap.de

any hints?

walter, germany

I might be wrong on this, but usually I think you should just do --renew not “–reinstall --nginx -d …”

may be thats better. but at first i need to get it running with cron.

will try it after problem has been solved.

btw: may be it’s something with environment. user root is logging in and cron root is not, i think

I mean the issue might be that you are not using --renew

if you ran crontab -e as root then it is as root otherwise no.

No, because the command is running fine without using cron.

but i’ll try this right now.

yes, i do edit crontab as root using “crontab -e”

changed cron cmdline to
/srv/letsencrypt/letsencrypt-auto certonly --renew-by-default --nginx -d mattermost.openstreetmap.de

without any change.

… log …
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

regards
walter

added PATH to script and everything is running fine.

not happy about this “solution”, but better than nothing.

walter

We also recommend certbot-auto renew rather than certonly --renew-by-default. --renew-by-default is the old name for --force-renewal and causes the renewal be attempted immediately, regardless of the age of the existing certificate. By contrast, certbot-auto renew checks the age of the existing certificate and only attempts to renew if the existing certificate is less than 30 days from expiry. This can then be run frequently (we suggest twice per day, every day) without causing frequent renewals that will trigger rate limits.

If you run certonly --force-renewal only once per month or something, you could have missed renewal problems due to a temporary Let’s Encrypt outage (or temporary network outage) that wouldn’t occur from running renew more frequently.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.