Sudo certbot renew hangs forever

capr · November 19, 2020, 4:15pm

Hello!

My domain is: allegory.ro

I ran this command: sudo certbot review

It produced this output: nothing, just hangs forever

My web server is (include version): nginx 1.14.0, modified

The operating system my web server runs on is (include version):Ubuntu 18.04.3 LTS

My hosting provider, if applicable, is: ramnode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is: dunno, even certbot --version hangs !!!

ps -ax | grep certbot reveals:

14962 ?        Ss     0:00 /bin/sh -c sudo certbot renew
14965 ?        S      0:00 sudo certbot renew
14970 ?        S      0:00 /bin/sh /snap/certbot/579/certbot.wrapper renew
14988 ?        S      0:00 /bin/sh /snap/certbot/579/certbot.wrapper renew
14989 ?        S      0:07 curl -s --unix-socket /run/snapd.socket http://localhost/v2/connections?snap=certbot&interface=content
14990 ?        S      0:00 jq -r .result.established | map(select(.plug.plug == "plugin" and ."plug-attrs".content == "certbot-1") | "/snap/"+.slot.snap+"/current/lib/python3.8/site-packages/" ) | join(":")

Any help appreciated, thanks!

EDIT: Please note that this worked fine for many months before it started hanging (I got several renewals by simply putting sudo certbot renew on daily cron).

capr · November 19, 2020, 5:56pm

Btw, I tried to reinstall certbot, this also hangs

snap install --classic certbot
error: cannot communicate with server: timeout exceeded while waiting for response

Useless error message as expected from Linux (and no verbose flag on snap), so I don't know which server they're talking about. I know I have full Internet access on the machine and can visit any site.

UPDATE: strace snap install --classic certbot shows:

...
connect(5, {sa_family=AF_UNIX, sun_path="/run/snapd.socket"}, 20) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 5, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=4010192544, u64=140092958486176}}) = 0
getsockname(5, {sa_family=AF_UNIX}, [112->2]) = 0
getpeername(5, {sa_family=AF_UNIX, sun_path="/run/snapd.socket"}, [112->20]) = 0
futex(0xc420055148, FUTEX_WAKE, 1)      = 1
read(5, 0xc42033b000, 4096)             = -1 EAGAIN (Resource temporarily unavailable)
write(5, "POST /v2/snaps/certbot HTTP/1.1\r"..., 292) = 292
epoll_pwait(4, [{EPOLLOUT, {u32=4010192544, u64=140092958486176}}], 128, 0, NULL, 842352921488) = 1
epoll_pwait(4, ^Cstrace: Process 13582 detached

I'm lost.

capr · November 19, 2020, 5:57pm

It's all good. I found out there's acme.sh which worked great in standalone mode.

schoen · November 21, 2020, 6:10am

Hi @capr,

I'm glad you found a solution with acme.sh.

I think it's likely that your problem was related to this

I haven't dug far into it, so I'm not totally certain.

_az · November 21, 2020, 7:00am

It looks as though the snapd daemon on @capr's machine was just completely unresponsive. I don't think we've had any reports of this happening up until now.

I think the jq issue is only superficially related. That snap install hangs, and that snapd hadn't long since upgraded Certbot to begin with, suggests a more serious problem.

If anybody else encounters this, try

sudo systemctl restart snapd

and please let us know 1) that this happened to you and 2) whether this helped.