I set up a certificate on an AWS Bitnami server, and running the renew script manually works successfully. The next logical step was to create a cron job as root in order to have this renewal happen automatically. I set up the script to run weekly and have had no shortage of problems - it has never worked running from cron.
The last investigation led me to ensure that the cron environment is the same as the machine's root environment. I ensured this is the case by loading the .profile at the start of my renewal bash script. After discovering it still fails, I checked the output logs and each of the last 3 runs has produced a different error. I'm at my wits' end here.
My domain is:
I ran this command:
/opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --email="" --domains="packtrackapp.com" --tls --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt renew
This command works fine when run manually as root. However, in a cron job it produced these 3 separate failures:
2024/03/10 00:00:04 [INFO] [packtrackapp.com] acme: Trying renewal with 713 hours remaining
2024/03/10 00:00:04 [INFO] [packtrackapp.com, www.packtrackapp.com] acme: Obtaining bundled SAN certificate
2024/03/10 00:00:05 [INFO] [packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185367
2024/03/10 00:00:05 [INFO] [www.packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185377
2024/03/10 00:00:05 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185367
2024/03/10 00:00:05 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185377
2024/03/10 00:00:06 error: one or more domains had a problem:
acme: error: 0 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185367 :: urn:ietf:params:acme:error:rateLimited :: Service busy; retry later., url:
Syntax OK
2024/03/17 00:00:05 [INFO] [packtrackapp.com] acme: Trying renewal with 545 hours remaining
2024/03/17 00:00:05 [INFO] [packtrackapp.com, www.packtrackapp.com] acme: Obtaining bundled SAN certificate
2024/03/17 00:00:06 [INFO] [packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/327147503317
2024/03/17 00:00:06 [INFO] [www.packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/327147503327
2024/03/17 00:00:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/327147503317
2024/03/17 00:00:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/327147503327
2024/03/17 00:00:06 error: one or more domains had a problem:
acme: error: 404 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/327147503317 :: urn:ietf:params:acme:error:malformed :: No such authorization, url:
Syntax OK
2024/03/24 00:00:04 [INFO] [packtrackapp.com] acme: Trying renewal with 377 hours remaining
2024/03/24 00:00:04 [INFO] [packtrackapp.com, www.packtrackapp.com] acme: Obtaining bundled SAN certificate
2024/03/24 00:00:04 [INFO] [packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549437
2024/03/24 00:00:04 [INFO] [www.packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549447
2024/03/24 00:00:04 [INFO] Unable to get the authorization for: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549437
2024/03/24 00:00:05 [INFO] Unable to get the authorization for: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549447
2024/03/24 00:00:05 error: one or more domains had a problem:
failed to post JWS message: failed to sign content: failed to sign content: square/go-jose: Error generating nonce: failed to get nonce from HTTP HEAD: 503 ::HEAD :: https://acme-v02.api.letsencrypt.org/acme/new-nonce :: unexpected end of JSON input ::
Syntax OK
The following is the output when I run my exact same renewal script manually, not with cron:
2024/03/28 16:58:08 [INFO] [packtrackapp.com] acme: Trying renewal with 264 hours remaining
2024/03/28 16:58:08 [INFO] [packtrackapp.com, www.packtrackapp.com] acme: Obtaining bundled SAN certificate
2024/03/28 16:58:09 [INFO] [packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549437
2024/03/28 16:58:09 [INFO] [www.packtrackapp.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/329910549447
2024/03/28 16:58:09 [INFO] [packtrackapp.com] acme: use tls-alpn-01 solver
2024/03/28 16:58:09 [INFO] [www.packtrackapp.com] acme: use tls-alpn-01 solver
2024/03/28 16:58:09 [INFO] [packtrackapp.com] acme: Trying to solve TLS-ALPN-01
2024/03/28 16:58:10 http: TLS handshake error from 13.214.129.13:36520: EOF
2024/03/28 16:58:14 [INFO] [packtrackapp.com] The server validated our request
2024/03/28 16:58:14 [INFO] [www.packtrackapp.com] acme: Trying to solve TLS-ALPN-01
2024/03/28 16:58:16 http: TLS handshake error from 52.74.94.119:59222: EOF
2024/03/28 16:58:21 [INFO] [www.packtrackapp.com] The server validated our request
2024/03/28 16:58:21 [INFO] [packtrackapp.com, www.packtrackapp.com] acme: Validations succeeded; requesting certificates
2024/03/28 16:58:21 [INFO] [packtrackapp.com] Server responded with a certificate.
My web server is (include version):
Server version: Apache/2.4.34 (Unix)
The operating system my web server runs on is (include version):
4.4.0-1128-aws
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot / certbot-auto n/a,
lego version 3.8.0 linux/amd64
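
An added example, not part of the original post and not lego's own code: a small parser that splits lego output like the logs above into one record per renewal attempt, so the start time, hours remaining, ACME error type and HTTP status of each cron run can be compared side by side. The function name `summarize_runs` is hypothetical, and the sample input is abridged from the log lines quoted in the post.

```python
import re

# Sample input: abridged from the lego output quoted in the post above.
SAMPLE_LOG = """\
2024/03/10 00:00:04 [INFO] [packtrackapp.com] acme: Trying renewal with 713 hours remaining
2024/03/10 00:00:06 error: one or more domains had a problem:
acme: error: 0 :: POST :: https://acme-v02.api.letsencrypt.org/acme/authz-v3/324441185367 :: urn:ietf:params:acme:error:rateLimited :: Service busy; retry later., url:
Syntax OK
2024/03/24 00:00:04 [INFO] [packtrackapp.com] acme: Trying renewal with 377 hours remaining
2024/03/24 00:00:05 error: one or more domains had a problem:
failed to post JWS message: failed to sign content: failed to sign content: square/go-jose: Error generating nonce: failed to get nonce from HTTP HEAD: 503 ::HEAD :: https://acme-v02.api.letsencrypt.org/acme/new-nonce :: unexpected end of JSON input ::
Syntax OK
2024/03/28 16:58:08 [INFO] [packtrackapp.com] acme: Trying renewal with 264 hours remaining
2024/03/28 16:58:21 [INFO] [packtrackapp.com] Server responded with a certificate.
"""

# Each renewal attempt starts with this line; it carries the timestamp and time left.
START = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[INFO\] \[[^\]]+\] "
                   r"acme: Trying renewal with (\d+) hours remaining")
ACME_ERR = re.compile(r"urn:ietf:params:acme:error:(\w+)")         # ACME problem type
HTTP_STATUS = re.compile(r"(?:acme: error|HTTP HEAD): (\d+) ::")   # status as lego printed it

def summarize_runs(log_text):
    """Return one dict per renewal attempt found in lego's output."""
    runs = []
    for line in log_text.splitlines():
        m = START.match(line)
        if m:
            runs.append({"started": m.group(1), "hours_remaining": int(m.group(2)),
                         "outcome": "unknown", "acme_error": None, "http_status": None})
            continue
        if not runs:
            continue  # output that precedes the first renewal attempt
        run = runs[-1]
        if "Server responded with a certificate" in line:
            run["outcome"] = "issued"
        elif " error: one or more domains had a problem" in line:
            run["outcome"] = "failed"
        if (e := ACME_ERR.search(line)):
            run["acme_error"] = e.group(1)
        if (s := HTTP_STATUS.search(line)):
            run["http_status"] = int(s.group(1))
    return runs

if __name__ == "__main__":
    for run in summarize_runs(SAMPLE_LOG):
        print(run)
```
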