Unable to renew - Attempting to renew cert from site.conf produced an unexpected errer: 'PATH'. Skipping


#1

Please fill out the fields below so we can help you better.

My domain is: www.sambartle.co.uk

I ran this command: ‘/usr/bin/letsencrypt renew’ (via root crontab)

It produced this output: 2016-07-12 08:43:35,430:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/www.sambartle.co.uk.conf produced an unexpected error: ‘PATH’. Skipping.

My operating system is (include version): Linux 2.6.32-042stab111.12 #1 SMP Thu Sep 17 11:38:20 MSK 2015 x86_64 GNU/Linux (debian)

My web server is (include version): Apache/2.4.10 (Debian)

My hosting provider, if applicable, is: OVH (Personal Server)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The renewal conf for that site is this:

cert = /etc/letsencrypt/live/www.sambartle.co.uk/cert.pem
privkey = /etc/letsencrypt/live/www.sambartle.co.uk/privkey.pem
chain = /etc/letsencrypt/live/www.sambartle.co.uk/chain.pem
fullchain = /etc/letsencrypt/live/www.sambartle.co.uk/fullchain.pem

Options and defaults used in the renewal process

[renewalparams]
no_self_upgrade = False
apache_enmod = a2enmod
no_verify_ssl = False
ifaces = None
apache_dismod = a2dismod
register_unsafely_without_email = False
apache_handle_modules = True
uir = None
installer = apache
config_dir = /etc/letsencrypt
text_mode = False
func = <function run at 0x7f62d73dc230>
staging = False
dry_run = False
work_dir = /var/lib/letsencrypt
tos = False
init = False
http01_port = 80
duplicate = False
noninteractive_mode = False
key_path = None
nginx = False
fullchain_path = None
email = SNIPPED OUT
csr = None
agree_dev_preview = None
redirect = None
verb = run
verbose_count = -3
config_file = None
renew_by_default = False
hsts = False
apache_handle_sites = True
authenticator = apache
domains = www.sambartle.co.uk, www.lauramansell.co.uk
rsa_key_size = 2048
apache_challenge_location = /etc/apache2
checkpoints = 1
manual_test_mode = False
apache = False
cert_path = None
webroot_path = ,
reinstall = False
expand = False
strict_permissions = False
apache_server_root = /etc/apache2
account = SNIPPED OUT
prepare = Falsemanual_public_ip_logging_ok = False
chain_path = None
break_my_certs = False
standalone = False
manual = False
server = https://acme-v01.api.letsencrypt.org/directory
standalone_supported_challenges = "tls-sni-01,http-01"
webroot = False
os_packages_only = False
apache_init_script = None
user_agent = None
apache_ctl = None
apache_le_vhost_ext = -le-ssl.conf
debug = False
tls_sni_01_port = 443
logs_dir = /var/log/letsencrypt
apache_vhost_root = /etc/apache2/sites-available
configurator = None
[[webroot_map]]

Of the paths in there the most likely one to be incorrect looks like the webroot_path which is simply ‘,’ but I’ve tried putting various things in there like /var/www/sambartle.co.uk and that doesnt seem to help.

Is there any way I can make the error more verbose so I can see what about PATH it doesnt like?

I assume this is something to do with running via crontab as i tried renewing a while back when i first installed the certs and it worked fine!

Any help much appreciated…

Thanks
sam


#2

I shoudd probably also add that I simulated running as cron by exporting thew cron env, and using that as an argument to env itself to execute the command… which is how i found the error


#3

If you just run

/usr/bin/letsencrypt renew

from the command line, does it work ? or give the same error ?


#4

I’m pretty sure that will work, I didn’t run it because I was hoping to diagnose the crontab issue before I fix it!

Having just tried it… yes it works as expected…


#5

The weird ting is…thats fixed the crontab execution as well (or appears to have done so) - it doesnt error now… which may be because it doesnt need to renew the cert yet i guess… but it executes cleanly now even running in the crontab environment (in fact it is now I look at it, it says the domain isnt due for renewal)

I suppose that narrows down the problem to something to do with the actual renewal then, not the verification portion of the code.


#6

Yes.

I wonder if there is something odd about your PATH variable in cron, that it only needs to use during renewal.

if you do a basic bash code to print your environment variables … such as

#!/bin/bash
printenv > /tmp/env_data

and run it direct, and through a cron … what info does it give for things like PATH


#7

Hi Serverco,

You are correct…

Cron
PATH=/usr/bin:/bin

vs Root Login:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

So I think I can probably figure out how to fix it now.

If anyone working on the code reads this it might be nice if the error was a little more verbose (although it does actually point to the direct issue), as for something designed to let everyone use SSL, a default debian configuration (AFAIK this is all default), cant actually auto-renew using the method specified in the instructions!

Thanks for your help serverco!

S


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.