Sudo certbot renew hangs forever


My domain is:

I ran this command: sudo certbot review

It produced this output: nothing, just hangs forever

My web server is (include version): nginx 1.14.0, modified

The operating system my web server runs on is (include version):Ubuntu 18.04.3 LTS

My hosting provider, if applicable, is: ramnode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is: dunno, even certbot --version hangs !!!

ps -ax | grep certbot reveals:

14962 ?        Ss     0:00 /bin/sh -c sudo certbot renew
14965 ?        S      0:00 sudo certbot renew
14970 ?        S      0:00 /bin/sh /snap/certbot/579/certbot.wrapper renew
14988 ?        S      0:00 /bin/sh /snap/certbot/579/certbot.wrapper renew
14989 ?        S      0:07 curl -s --unix-socket /run/snapd.socket http://localhost/v2/connections?snap=certbot&interface=content
14990 ?        S      0:00 jq -r .result.established | map(select(.plug.plug == "plugin" and ."plug-attrs".content == "certbot-1") | "/snap/"+.slot.snap+"/current/lib/python3.8/site-packages/" ) | join(":")

Any help appreciated, thanks!

EDIT: Please note that this worked fine for many months before it started hanging (I got several renewals by simply putting sudo certbot renew on daily cron).

1 Like

Btw, I tried to reinstall certbot, this also hangs

snap install --classic certbot
error: cannot communicate with server: timeout exceeded while waiting for response

Useless error message as expected from Linux (and no verbose flag on snap), so I don't know which server they're talking about. I know I have full Internet access on the machine and can visit any site.

UPDATE: strace snap install --classic certbot shows:

connect(5, {sa_family=AF_UNIX, sun_path="/run/snapd.socket"}, 20) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 5, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=4010192544, u64=140092958486176}}) = 0
getsockname(5, {sa_family=AF_UNIX}, [112->2]) = 0
getpeername(5, {sa_family=AF_UNIX, sun_path="/run/snapd.socket"}, [112->20]) = 0
futex(0xc420055148, FUTEX_WAKE, 1)      = 1
read(5, 0xc42033b000, 4096)             = -1 EAGAIN (Resource temporarily unavailable)
write(5, "POST /v2/snaps/certbot HTTP/1.1\r"..., 292) = 292
epoll_pwait(4, [{EPOLLOUT, {u32=4010192544, u64=140092958486176}}], 128, 0, NULL, 842352921488) = 1
epoll_pwait(4, ^Cstrace: Process 13582 detached

I'm lost.

1 Like

It's all good. I found out there's which worked great in standalone mode.


Hi @capr,

I'm glad you found a solution with

I think it's likely that your problem was related to this

I haven't dug far into it, so I'm not totally certain.


It looks as though the snapd daemon on @capr's machine was just completely unresponsive. I don't think we've had any reports of this happening up until now.

I think the jq issue is only superficially related. That snap install hangs, and that snapd hadn't long since upgraded Certbot to begin with, suggests a more serious problem.

If anybody else encounters this, try

sudo systemctl restart snapd

and please let us know 1) that this happened to you and 2) whether this helped.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.